CVE-2002-2178
published 2002-12-31CVE-2002-2178: Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid…
PriorityP416medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.75%
75.0th percentile
Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpwebsite | phpwebsite | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
phpWebSite 0.8.3 - 'article.php' Cross-Site Scripting
exploitdb·2002-10-02
CVE-2002-2178 phpWebSite 0.8.3 - 'article.php' Cross-Site Scripting
phpWebSite 0.8.3 - 'article.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/5864/info
phpWebSite is prone to cross-site scripting attacks.
This vulnerability is due to insufficient sanitization of HTML tags from URI parameters processed by the 'article.php' script. As a result, an attacker may construct a malicious link to this script which contains arbitrary HTML and script code.
When the malicious link is visited by a web user, the attacker-supplied code will be executed by their web client in the context of the site hosting the vulnerable software.
http://target/article.php?sid="><Img Src="
Exploit-DB
phpWebSite 0.8.3 - News Message HTML Injection
exploitdb·2002-09-25
CVE-2002-2178 phpWebSite 0.8.3 - News Message HTML Injection
phpWebSite 0.8.3 - News Message HTML Injection
---
source: https://www.securityfocus.com/bid/5802/info
Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client.
phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains malicious HTML code, the code contained in the posted message would be executed in the browser of the vulnerable user. This will occur in the context of the site running the phpWebSite software.
No writeups or analysis indexed.
2002-12-31
Published