← back
CVE-2002-0902

CVE-2002-0902

EPSS 7.2%
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21486unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://online.securityfocus.com/archive/1/274273http://www.iss.net/security_center/static/9178.phphttp://www.securityfocus.com/bid/4858