CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0319

HIGH
7.5
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile29.26th
PublishedJun 25, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.

Affected Platforms (CPE)

πŸ“¦
Powie

Pforum

= 1.11
πŸ“¦
Powie

Pforum

= 1.12
πŸ“¦
Powie

Pforum

= 1.13
πŸ“¦
Powie

Pforum

= 1.14

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=101446366708757&w=2
πŸ”— http://www.iss.net/security_center/static/8263.php
πŸ”— http://www.securityfocus.com/bid/4165
πŸ”— http://marc.info/?l=bugtraq&m=101446366708757&w=2
πŸ”— http://www.iss.net/security_center/static/8263.php
πŸ”— http://www.securityfocus.com/bid/4165

Related Vulnerabilities

CVE-2002-028710.0

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and ga...

CVE-2006-60387.5

SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arb...

CVE-2008-43557.5

SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote atta...

CVE-2004-17166.8

Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via ...