CVE-2002-0535
published 2002-07-03CVE-2002-0535: Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
7.36%
93.6th percentile
Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| postboard | postboard | — | — |
| postboard | postboard | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
| postnuke_software_foundation | postnuke | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
PostBoard 2.0 - Topic Title Script Execution
exploitdb·2002-04-19
CVE-2002-0535 PostBoard 2.0 - Topic Title Script Execution
PostBoard 2.0 - Topic Title Script Execution
---
source: https://www.securityfocus.com/bid/4561/info
PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.
PostBoard does not adequately sanitize input by board users. Because of this, it is possible for users of the board to insert script code in message titles.
The following code is proof of concept:
alert('give me cookies');
Exploit-DB
PostBoard 2.0 - BBCode IMG Tag Script Injection
exploitdb·2002-04-19
CVE-2002-0535 PostBoard 2.0 - BBCode IMG Tag Script Injection
PostBoard 2.0 - BBCode IMG Tag Script Injection
---
source: https://www.securityfocus.com/bid/4559/info
PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.
PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags.
The following code is proof of concept:
[IMG]javascript:alert('give me cookies');[/IMG]
No writeups or analysis indexed.
http://online.securityfocus.com/archive/1/267936http://www.iss.net/security_center/static/8881.phphttp://www.securityfocus.com/bid/4559http://www.securityfocus.com/bid/4561https://exchange.xforce.ibmcloud.com/vulnerabilities/8884http://online.securityfocus.com/archive/1/267936http://www.iss.net/security_center/static/8881.phphttp://www.securityfocus.com/bid/4559http://www.securityfocus.com/bid/4561https://exchange.xforce.ibmcloud.com/vulnerabilities/8884
2002-07-03
Published