Description
Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ppp-design · textwebappsphp
https://www.exploit-db.com/exploits/21780
References (3)
Core 3
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5676
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10060.php
Scores
EPSS
0.0088
EPSS Percentile
75.4%
Details
Status
published
Products (1)
phpgb/phpgb
1.10
Published
Apr 22, 2003
Tracked Since
Feb 18, 2026