Vulnerabilities > CVE-2002-0902 - HTML Injection vulnerability in PHPBB2 Image Tag

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phpbb-group
exploit available

Summary

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

Exploit-Db

descriptionPHPBB2 Image Tag HTML Injection Vulnerability. CVE-2002-0902. Webapps exploit for php platform
idEDB-ID:21486
last seen2016-02-02
modified2002-05-26
published2002-05-26
reporterMartijn Boerwinkel
sourcehttps://www.exploit-db.com/download/21486/
titlePHPBB2 Image Tag HTML Injection Vulnerability