CVE-2002-0118

Infopop Ultimate Bulletin Board 6.2.0 Beta Release 1.0 - Cross-Site Scripting via IMG Tag

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0118. PoCs published by Obscure.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in UBB (Ultimate Bulletin Board) by injecting malicious JavaScript code into an image link. The script steals cookie-based authentication credentials and sends them to an attacker-controlled site.

Description

Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Obscure · textwebappscgi
https://www.exploit-db.com/exploits/21209

This exploit demonstrates a cross-site scripting (XSS) vulnerability in UBB (Ultimate Bulletin Board) by injecting malicious JavaScript code into an image link. The script steals cookie-based authentication credentials and sends them to an attacker-controlled site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: UBB (Ultimate Bulletin Board)
No auth needed
Prerequisites: Access to post a message on the UBB forum
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/249031
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7838.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3829

Scores

EPSS 0.0710
EPSS Percentile 93.4%

Details

Status published
Products (9)
infopop/ultimate_bulletin_board 5.4.7e
infopop/ultimate_bulletin_board 5.43
infopop/ultimate_bulletin_board 6.0
infopop/ultimate_bulletin_board 6.0.1
infopop/ultimate_bulletin_board 6.0.2
infopop/ultimate_bulletin_board 6.0.3
infopop/ultimate_bulletin_board 6.0.4f
infopop/ultimate_bulletin_board 6.0beta
infopop/ultimate_bulletin_board 6.2.0_beta_release_1.0
Published Mar 25, 2002
Tracked Since Feb 18, 2026