← Back

CVE-2002-0902

nvd nist
Published: Oct 4, 2002Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

Affected (6)

Products: Phpbb Group: Phpbb
Phpbb Group
1 product
Phpbb
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Phpbb Group
Phpbb
Version 2.0.0
Phpbb
Version 2.0_beta1
Phpbb
Version 2.0_rc1
Phpbb
Version 2.0_rc2
Phpbb
Version 2.0_rc3
Phpbb
Version 2.0_rc4

References (6)

Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory

Timeline

No history available yet.