Lucene search
MitreCVE-2002-0902HistoryOct 04, 2002 - 4:00 a.m.
CVE-2002-0902
2002-10-0404:00:00
mitre
web.nvd.nist.gov
26
cve-2002-0902
phpbb
cross-site scripting
vulnerability
security
remote
javascript
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
High
EPSS
0.025
Percentile
90.2%
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB’s security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
Affected configurations
Node
phpbb_groupphpbbMatch2.0.0
ORphpbb_groupphpbbMatch2.0_beta1
ORphpbb_groupphpbbMatch2.0_rc1
ORphpbb_groupphpbbMatch2.0_rc2
ORphpbb_groupphpbbMatch2.0_rc3
ORphpbb_groupphpbbMatch2.0_rc4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phpbb_group | phpbb | 2.0.0 | cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 2.0_beta1 | cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 2.0_rc1 | cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 2.0_rc2 | cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 2.0_rc3 | cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 2.0_rc4 | cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2002-0902
2002-08-31 04:00:00
exploitdb
exploitdb
PHPBB2 - Image Tag HTML Injection
2002-05-26 00:00:00
nvd
nvd
CVE-2002-0902
2002-10-04 04:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
High
EPSS
0.025
Percentile
90.2%
Related for CVE-2002-0902