CVE-2002-0319
pforum 1.14 - Stored Cross-Site Scripting via Username Field
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-0319. PoCs published by Jens Liebchen.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Powie PForum by injecting arbitrary script code via the username URL parameter. The PoC constructs a malicious link that executes JavaScript in the context of the victim's browser, potentially stealing cookie-based authentication credentials.
Description
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Powie PForum by injecting arbitrary script code via the username URL parameter. The PoC constructs a malicious link that executes JavaScript in the context of the victim's browser, potentially stealing cookie-based authentication credentials.