phpBB version 2.0.22 suffers from a cross site scripting vulnerability in admin_groups.php.
ce131f837eaf0c1dd3077b0a794eecbb03f9fe0e9a2f3ff83cd395ed0125ad13
Opencosmo Security
http://www.opencosmo.com
Author: Alfredo Panzera, Opencosmo Security
Vendor: phpBB.com
Version: 2.0.22
Exploit:
Go to http://[website]/forum/admin/admin_groups.php and into 'Group description:' insert your XSS.