CVE-2002-1480

phpgb - Stored Cross-Site Scripting via Guestbook Entry Deletion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1480. PoCs published by ppp-design.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in phpGB, allowing an attacker to inject malicious script code into guestbook entries. The script executes in the context of the administrative user's browser when they attempt to delete the entry.

Description

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ppp-design · textwebappsphp

https://www.exploit-db.com/exploits/21780

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in phpGB, allowing an attacker to inject malicious script code into guestbook entries. The script executes in the context of the administrative user's browser when they attempt to delete the entry.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: phpGB (version not specified)

No auth needed

Prerequisites: Access to the guestbook entry form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5676

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html

Patch, Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10060.php

Scores

EPSS 0.0427

EPSS Percentile 89.8%

Details

Status published

Products (1)

phpgb/phpgb 1.10

Published Apr 22, 2003

Tracked Since Feb 18, 2026