Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0535

5 documents4 sources
Severity
5.0MEDIUM
EPSS
7.9%
top 7.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Postboard PostboardPostnuke Software Foundation Postnuke
Timeline
PublishedJul 3
Latest updateApr 30

Description

Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDpostboard/postboard2.0, 2.0.1+1

Patches

Patch: online.securityfocus.comPatch: www.securityfocus.comPatch: online.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-rg69-mc23-3q8q: Cross-site scripting vulnerabilities in PostBoard 22022-04-30
CVEList
CVE-2002-0535: Cross-site scripting vulnerabilities in PostBoard 22002-06-11

💥Exploits & PoCs

2
Exploit-DB
PostBoard 2.0 - Topic Title Script Execution2002-04-19
Exploit-DB
PostBoard 2.0 - BBCode IMG Tag Script Injection2002-04-19
CVE-2002-0535 (MEDIUM CVSS 5) | Cross-site scripting vulnerabilitie | cvebase.io