CVE-2002-2350

Phpoutsourcing Zorum - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.

References (2)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2002-10/0152.html

[Third Party Advisory] http://www.iss.net/security_center/static/10337.php

Scores

EPSS 0.0039

EPSS Percentile 59.9%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

phpoutsourcing/zorum

Timeline

Published Dec 31, 2002

Tracked Since Feb 18, 2026