CVE-2002-1708

BasiliX Webmail 1.10 - Stored Cross-Site Scripting via Subject or Message Fields


Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1708. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary: The provided text describes a script injection vulnerability in BasiliX Webmail 1.1.0, where malicious JavaScript can be executed via the Subject or message body. The example demonstrates a cookie-stealing XSS payload.

Description

Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Ulf Harnhammar · text · webapps · php
https://www.exploit-db.com/exploits/21570

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: BasiliX Webmail 1.1.0
No auth needed
Prerequisites: Victim must view the malicious email in BasiliX Webmail
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5060
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9384
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/277710

Scores

EPSS 0.0426
EPSS Percentile 89.8%

Details

Status published
Products (1)
basilix/basilix_webmail 1.1.0
Published Dec 31, 2002
Tracked Since Feb 18, 2026