CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2002-0117

HIGH
7.5
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile18.62th
Published2002年3月25日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

Affected Platforms (CPE)

📦
Yabb

Yabb

= 0.01_release
📦
Yabb

Yabb

= 0.01_sp1
📦
Yabb

Yabb

= 2000-09-01
📦
Yabb

Yabb

= 2000-09-11

References & Advisories

🔗 http://online.securityfocus.com/archive/1/249031
🔗 http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
🔗 http://www.iss.net/security_center/static/7840.php
🔗 http://www.osvdb.org/2019
🔗 http://www.yabbforum.com/
🔗 http://online.securityfocus.com/archive/1/249031
🔗 http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
🔗 http://www.iss.net/security_center/static/7840.php

相關漏洞威脅

CVE-2004-240310.0

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as...

CVE-2007-320810.0

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via ...

CVE-2004-034310.0

Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the...

CVE-2013-20579.8

YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability