CyberSec.Space Logo
CVEブラウザに戻る

CVE-2002-0319

HIGH
7.5
CVSS Severity Score
EPSS Score0.0230%
EPSS Percentile29.26th
Published2002年6月25日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.

Affected Platforms (CPE)

📦
Powie

Pforum

= 1.11
📦
Powie

Pforum

= 1.12
📦
Powie

Pforum

= 1.13
📦
Powie

Pforum

= 1.14

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=101446366708757&w=2
🔗 http://www.iss.net/security_center/static/8263.php
🔗 http://www.securityfocus.com/bid/4165
🔗 http://marc.info/?l=bugtraq&m=101446366708757&w=2
🔗 http://www.iss.net/security_center/static/8263.php
🔗 http://www.securityfocus.com/bid/4165

関連する脆弱性情報

CVE-2002-028710.0

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and ga...

CVE-2006-60387.5

SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arb...

CVE-2008-43557.5

SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote atta...

CVE-2004-17166.8

Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via ...