Vulnerabilities > CVE-2002-0902 - Unspecified vulnerability in PHPbb Group PHPbb

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phpbb-group

exploit available

NVD

Published: 2002-10-04

Updated: 2024-11-20

Summary

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

Vulnerable Configurations

Part	Description	Count
Application	Phpbb_Group Phpbb Group Phpbb 2.0_Rc2 Phpbb Group Phpbb 2.0_Rc1 Phpbb Group Phpbb 2.0_Rc4 Phpbb Group Phpbb 2.0.0 Phpbb Group Phpbb 2.0_Rc3 Phpbb Group Phpbb 2.0_Beta1	6

Exploit-Db

description	PHPBB2 Image Tag HTML Injection Vulnerability. CVE-2002-0902. Webapps exploit for php platform
id	EDB-ID:21486
last seen	2016-02-02
modified	2002-05-26
published	2002-05-26
reporter	Martijn Boerwinkel
source	https://www.exploit-db.com/download/21486/
title	PHPBB2 Image Tag HTML Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References