phpBB

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
https://github.com/phpbb/phpbb SOURCE_CODE high high high critical
The Admin Control Panel allows adminstrators to create custom BBcodes. This feature also allows the use of JavaScript, therefore XSS created by an adminstrator is out of scope.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
https://www.phpbb.com URL high high high none
Please limit your reports to the phpBB git repository for now.