Vulnerability Name:

CVE-2002-0475 (CCN-7459)

Assigned:2001-10-29
Published:2001-10-29
Updated:2008-09-05
Summary:Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2002-0475

Source: XF
Type: Vendor Advisory
phpbb-cross-site-scripting(7459)

Source: CCN
Type: itcp advisory 14 May 8th, 2002
Lysias Lidik Webserver suffers from a Directory Traversal Vulnerability

Source: CCN
Type: OSVDB ID: 4269
phpBB Message Edit IMG BBCode Tag XSS

Source: CCN
Type: The phpBB Group Web site
phpBB

Source: CCN
Type: SecuriTeam Mailing List, UNIX focus 29 Oct 2001
JavaScript Insertion in phpBB and Ikonboard Bulletin Boards (IMG, CSS)

Source: MISC
Type: UNKNOWN
http://www.securiteam.com/unixfocus/6W00Q202UM.html

Source: BID
Type: Vendor Advisory
4379

Source: CCN
Type: BID-4379
PHPBB Image Tag User-Embedded Scripting Vulnerability

Source: XF
Type: UNKNOWN
phpbb-cross-site-scripting(7459)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    phpbb_group phpbb 1.0.0
    phpbb_group phpbb 1.2.0
    phpbb_group phpbb 1.2.1
    phpbb_group phpbb 1.4.0
    phpbb_group phpbb 1.4.1
    phpbb_group phpbb 1.4.2
    phpbb_group phpbb 1.4.4
    phpbb_group phpbb 1.4.2
    phpbb_group phpbb 1.4.4