Lucene search

MitreCVE-2002-0535

HistoryJul 03, 2002 - 4:00 a.m.

CVE-2002-0535

2002-07-0304:00:00

mitre

web.nvd.nist.gov

cve-2002-0535

postboard 2.0.1

xss

cross-site scripting

remote attack

img tag

topic title

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.047

Percentile

92.7%

JSON

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.

Affected configurations

Nvd

Node

postboardpostboardMatch2.0

postboardpostboardMatch2.0.1

postnuke_software_foundationpostnukeMatch0.64

postnuke_software_foundationpostnukeMatch0.70

postnuke_software_foundationpostnukeMatch0.71

postnuke_software_foundationpostnukeMatch0.703

VendorProductVersionCPE
postboardpostboard2.0cpe:2.3:a:postboard:postboard:2.0:*:*:*:*:*:*:*
postboardpostboard2.0.1cpe:2.3:a:postboard:postboard:2.0.1:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.64cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.70cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.71cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:*:*:*:*:*:*:*
postnuke_software_foundationpostnuke0.703cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
postboard	postboard	2.0	cpe:2.3:a:postboard:postboard:2.0:::::::*
postboard	postboard	2.0.1	cpe:2.3:a:postboard:postboard:2.0.1:::::::*
postnuke_software_foundation	postnuke	0.64	cpe:2.3:a:postnuke_software_foundation:postnuke:0.64:::::::*
postnuke_software_foundation	postnuke	0.70	cpe:2.3:a:postnuke_software_foundation:postnuke:0.70:::::::*
postnuke_software_foundation	postnuke	0.71	cpe:2.3:a:postnuke_software_foundation:postnuke:0.71:::::::*
postnuke_software_foundation	postnuke	0.703	cpe:2.3:a:postnuke_software_foundation:postnuke:0.703:::::::*

References

online.securityfocus.com/archive/1/267936

www.iss.net/security_center/static/8881.php

www.securityfocus.com/bid/4559

www.securityfocus.com/bid/4561

exchange.xforce.ibmcloud.com/vulnerabilities/8884

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.047

Percentile

92.7%

JSON

Related for CVE-2002-0535