Vulnerabilities > CVE-2002-1480 - HTML Injection vulnerability in PHPgb 1.10

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

phpgb

exploit available

NVD

Published: 2003-04-22

Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.

Vulnerable Configurations

Part	Description	Count
Application	Phpgb Phpgb Phpgb 1.10	1

Exploit-Db

description	phpGB 1.1 HTML Injection Vulnerability. CVE-2002-1480. Webapps exploit for php platform
id	EDB-ID:21780
last seen	2016-02-02
modified	2002-09-09
published	2002-09-09
reporter	ppp-design
source	https://www.exploit-db.com/download/21780/
title	phpGB 1.1 HTML Injection Vulnerability

References

http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html
http://www.iss.net/security_center/static/10060.php
http://www.securityfocus.com/bid/5676