CVE-2002-0330
published 2002-06-25
Priority P430 · high · 7.5 CVSS 2.0 · AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.85% (94.0th percentile)
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openbb | openbb | — | — |
| openbb | openbb | — | — |
| openbb | openbb | — | — |
| openbb | openbb | — | — |
GHSA
GHSA-6v47-4mgv-qg7f: Cross-site scripting (XSS) vulnerability in codeparse
ghsa_unreviewed·2022-04-30·CVSS 7.5
CVE-2002-1829 [HIGH] GHSA-6v47-4mgv-qg7f: Cross-site scripting (XSS) vulnerability in codeparse
Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to inject arbitrary web script or HTML via (1) myhome.php, (2) an onerror attribute in an IMG tag (a variant of CVE-2002-0330), or (3) a glow tag.
GHSA
GHSA-w7cx-7ff7-8gxj: Cross-site scripting vulnerability in codeparse
ghsa_unreviewed·2022-04-30
CVE-2002-0330 [HIGH] GHSA-w7cx-7ff7-8gxj: Cross-site scripting vulnerability in codeparse
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
No detection rules found.
Exploit-DB
OpenBB 1.0.0 RC3 - BBCode Cross Agent HTML Injection
exploitdb·2002-05-24
CVE-2002-1829 OpenBB 1.0.0 RC3 - BBCode Cross Agent HTML Injection
---
source: https://www.securityfocus.com/bid/4819/info
OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.
OpenBB is reportedly vulnerable to HTML injection attacks. The vulnerability occurs when HTML code is replaced with BBCodes.
OpenBB uses 'BBCodes' in place of HTML code to include images, links, etc. However, HTML tags are not adequately replaced within BBCodes. It is possible to inject arbitrary HTML code into forum messages. As a result, OpenBB is prone to cross-agent scripting attacks. Script code will be executed in the browser of the user viewing the forum message and may allow an attacker to steal cookie-based authentication c
Exploit-DB
OpenBB 1.0.x - Image Tag Cross-Agent Scripting
exploitdb·2002-02-25
CVE-2002-0330 OpenBB 1.0.x - Image Tag Cross-Agent Scripting
---
source: https://www.securityfocus.com/bid/4171/info
OpenBB is web forum software written in PHP. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.
OpenBB allows users to include images in forum messages using image tags, with the following syntax:
[img]url of image[/img]
It is possible to inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials.
[img]javasCript:alert('Hello world.')[/img]
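The [img] handling described above, as an added example that is not OpenBB's codeparse.php and not from the advisory: a naive substitution beside a hardened renderer that allowlists the URL scheme and escapes everything it emits. The function names and the example.invalid URL are assumptions made for illustration.

```php
<?php
// Added illustration; not OpenBB's code. All function names are hypothetical.

// Naive pattern: the tag body is pasted into src="" with no scheme check or escaping.
function render_img_naive(string $post): string
{
    return preg_replace('#\[img\](.*?)\[/img\]#is', '<img src="$1">', $post);
}

// Accept only absolute http(s) URLs with a host and no characters that could
// end the attribute or hide a scheme (controls, whitespace, quotes, angle brackets).
function is_safe_image_url(string $url): bool
{
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return false;
    }
    $p = parse_url($url);
    return is_array($p) && isset($p['scheme'], $p['host'])
        && in_array(strtolower($p['scheme']), ['http', 'https'], true);
}

// Hardened: split the post into [img] tags and plain text. Validated tags become
// <img> with an escaped src; everything else, rejected tags included, is escaped.
function render_img_safe(string $post): string
{
    $parts = preg_split('#(\[img\].*?\[/img\])#is', $post, -1, PREG_SPLIT_DELIM_CAPTURE) ?: [$post];
    $out = '';
    foreach ($parts as $part) {
        if (preg_match('#\A\[img\](.*?)\[/img\]\z#is', $part, $m) && is_safe_image_url(trim($m[1]))) {
            // ENT_QUOTES keeps input from closing src="" and adding attributes
            // (the onerror variant listed under CVE-2002-1829).
            $out .= '<img src="' . htmlspecialchars(trim($m[1]), ENT_QUOTES, 'UTF-8') . '" alt="">';
        } else {
            $out .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        }
    }
    return $out;
}

$samples = [ // first input is constructed; second is the string quoted on this page
    "[img]https://example.invalid/cat.png[/img]",
    "[img]javasCript:alert('Hello world.')[/img]",
];
foreach ($samples as $s) {
    echo "naive: ", render_img_naive($s), "\n";
    echo "safe:  ", render_img_safe($s), "\n";
}
```

The scheme comparison is case-insensitive and allowlist-based, so mixed-case spellings such as the one in the advisory are rejected without a blocklist having to enumerate them.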
No writeups or analysis indexed.
http://community.iansoft.net/read.php?TID=5159
http://marc.info/?l=bugtraq&m=101466092601554&w=2
http://www.iss.net/security_center/static/8278.php
http://www.osvdb.org/5658
http://www.securityfocus.com/bid/4171