CVE-2002-0475 — Cross-site Scripting in Group Phpbb

2 documents2 sources

Severity

5.1MEDIUMNVD

EPSS

0.8%

top 25.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpbb Group Phpbb

Timeline

PublishedAug 12

Latest updateApr 30

Description

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb7 versions+6

🔴Vulnerability Details

GHSA

GHSA-vmc9-j29j-7qxf: Cross-site scripting vulnerability in phpBB 1↗2022-04-30

▶