If you think you have found a security hole with phpBB, contact the 
security email address ... I assure you they won't bite your head off 
for notifying them, even if it turns out to be a false alarm.
International Veneer Co., Inc. wrote:
----- Original Message ----- From: "Shaun Colley" <shaunige@xxxxxxxxxxx>
To: <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Wednesday, January 28, 2004 10:39 AM
Subject: phpBB privmsg.php XSS vulnerability patch.
For those who have not yet installed the phpBB
packages fixing the XSS vulnerability in privmsg.php
documented at <http://www.securityfocus.com/bid/9290>
<snip>
Thank you for your time.
Shaun.