CVE-2002-0590

IcrediBB 1.1 Beta - Stored Cross-Site Scripting via Post Title or Body

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0590. PoCs published by Daniel Nyström.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in IcrediBB forum software by injecting a JavaScript alert into the subject or message body. The lack of input filtering allows arbitrary script execution in the context of a user's browser.

Description

Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Daniel Nyström · textwebappsphp
https://www.exploit-db.com/exploits/21399

This exploit demonstrates a stored XSS vulnerability in IcrediBB forum software by injecting a JavaScript alert into the subject or message body. The lack of input filtering allows arbitrary script execution in the context of a user's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: IcrediBB (version not specified)
No auth needed
Prerequisites: Access to post a message on the IcrediBB forum
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8879.php
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4548

Scores

EPSS 0.0281
EPSS Percentile 84.8%

Details

Status published
Products (1)
icredibb/icredibb 1.1_beta
Published Jun 18, 2002
Tracked Since Feb 18, 2026