CyberSec.Space Logo
Back to CVE Browser

CVE-2002-1480

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1390%
EPSS Percentile24.31th
PublishedApr 22, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.

Affected Platforms (CPE)

πŸ“¦
Phpgb

Phpgb

= 1.10

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html
πŸ”— http://www.iss.net/security_center/static/10060.php
πŸ”— http://www.securityfocus.com/bid/5676
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html
πŸ”— http://www.iss.net/security_center/static/10060.php
πŸ”— http://www.securityfocus.com/bid/5676

Related Vulnerabilities

CVE-2002-148210.0

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers...

CVE-2002-14817.5

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of ser...

CVE-2002-000510.0

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...