CVE-2006-0437
Publication date 6 February 2006
Last updated 17 July 2025
Ubuntu priority
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as “onmouseover” in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for ”<” and ”>” characters.
Status
Package | Ubuntu Release | Status |
---|---|---|
phpbb2 | 9.10 karmic | Not in release |
9.04 jaunty | Not in release | |
8.10 intrepid |
Fixed 2.0.21-3
|
|
8.04 LTS hardy |
Fixed 2.0.21-3
|
|
7.10 gutsy |
Fixed 2.0.21-3
|
|
7.04 feisty |
Fixed 2.0.21-3
|
|
6.10 edgy |
Fixed 2.0.21-3
|
|
6.06 LTS dapper | Ignored end of life |