CVEブラウザに戻る

CVE-2002-1480

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.1390%

EPSS Percentile24.31th

Published2003年4月22日

Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry.

Affected Platforms (CPE)

📦

Phpgb

Phpgb

= 1.10

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html

🔗 http://www.iss.net/security_center/static/10060.php

🔗 http://www.securityfocus.com/bid/5676

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html

🔗 http://www.iss.net/security_center/static/10060.php

🔗 http://www.securityfocus.com/bid/5676

関連する脆弱性情報

CVE-2002-148210.0

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers...

CVE-2002-14817.5

savesettings.php in phpGB 1.20 and earlier does not require authentication, which allows remote attackers to cause a denial of ser...

CVE-2002-074710.0

Buffer overflow in lsmcode in AIX 4.3.3.

CVE-2002-135910.0

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause ...