Description
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Obscure · textwebappscgi
https://www.exploit-db.com/exploits/21209
References (3)
Core 3
Core References
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/249031
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/7838.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3829
Scores
EPSS
0.0306
EPSS Percentile
86.8%
Details
Status
published
Products (9)
infopop/ultimate_bulletin_board
5.4.7e
infopop/ultimate_bulletin_board
5.43
infopop/ultimate_bulletin_board
6.0
infopop/ultimate_bulletin_board
6.0.1
infopop/ultimate_bulletin_board
6.0.2
infopop/ultimate_bulletin_board
6.0.3
infopop/ultimate_bulletin_board
6.0.4f
infopop/ultimate_bulletin_board
6.0beta
infopop/ultimate_bulletin_board
6.2.0_beta_release_1.0
Published
Mar 25, 2002
Tracked Since
Feb 18, 2026