Vulnerabilities > CVE-2002-0330 - Unspecified vulnerability in Openbb 1.0.0Beta1/1.0.0Rc1/1.0.0Rc2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description OpenBB 1.0 .0 RC3 BBCode Cross Agent HTML Injection Vulnerability. CVE-2002-0330,CVE-2002-1829. Webapps exploit for php platform id EDB-ID:21474 last seen 2016-02-02 modified 2002-05-24 published 2002-05-24 reporter frog source https://www.exploit-db.com/download/21474/ title OpenBB 1.0.0 RC3 - BBCode Cross Agent HTML Injection Vulnerability description OpenBB 1.0.x Image Tag Cross-Agent Scripting Vulnerability. CVE-2002-0330. Webapps exploit for php platform id EDB-ID:21301 last seen 2016-02-02 modified 2002-02-25 published 2002-02-25 reporter skizzik source https://www.exploit-db.com/download/21301/ title OpenBB 1.0.x Image Tag Cross-Agent Scripting Vulnerability
Seebug
| bulletinFamily | exploit |
| description | BugCVE: CVE-2002-0330 BUGTRAQ: 4171 OpenBB对用户输入过滤上存在漏洞,可能使远程攻击者利用在论坛上的发贴对其他用户进行跨站脚本执行攻击。 OpenBB支持用户在贴子中使用[img]标记插入图像,但它未对标记中的内容做充分的过滤,这可能导致攻击者在此标记的内容中放入脚本代码,当用户浏览相关页面时,脚本将在用户的浏览器中执行。攻击者可能借此得到用户基于Cookie的认证信息。 OpenBB 1.0.0 RC2\RC1\beta1 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: * 在漏洞修复之前暂时关闭Image标记的使用。 厂商补丁: Iansoft ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href="http://www.openbb.net/" target="_blank" rel=external nofollow>http://www.openbb.net/</a> |
| id | SSV:11373 |
| last seen | 2017-11-19 |
| modified | 2009-05-20 |
| published | 2009-05-20 |
| reporter | Root |
| title | OpenBB Image标记跨站脚本执行(CSS/XSS)漏洞 |