Description
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute JavaScript as other phpBB users by including an http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Martijn Boerwinkel · text · webapps · php
https://www.exploit-db.com/exploits/21486
References (3)
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4858
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/274273
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9178.php
Scores
EPSS
0.0822
EPSS Percentile
92.3%
Details
Status
published
Products (6)
phpbb_group/phpbb 2.0.0
phpbb_group/phpbb 2.0_beta1
phpbb_group/phpbb 2.0_rc1
phpbb_group/phpbb 2.0_rc2
phpbb_group/phpbb 2.0_rc3
phpbb_group/phpbb 2.0_rc4
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026