CVE-2002-0955

YaBB 1 Gold SP1 and earlier - Cross-Site Scripting via num Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0955. PoCs published by methodic.

AI-analyzed exploit summary: The exploit describes a cross-site scripting (XSS) vulnerability in YaBB where attacker-supplied script code can be embedded in error pages via a crafted URL. This allows arbitrary JavaScript execution in the context of the vulnerable site.

Description

Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by methodic · text · webapps · cgi
https://www.exploit-db.com/exploits/21573

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: YaBB (version not specified)
No auth needed
Prerequisites: Victim must click a malicious URL
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9408.php
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0261.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5078

Scores

EPSS 0.0855
EPSS Percentile 94.4%

Details

Status published
Products (1)
yabb/yabb 1_gold_sp_1
Published Oct 04, 2002
Tracked Since Feb 18, 2026