CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2002-1845 – YaBB 1.40/1.41 - Login Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1845
Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter. • https://www.exploit-db.com/exploits/21950 http://online.securityfocus.com/archive/1/296121 http://www.iss.net/security_center/static/10406.php http://www.securityfocus.com/bid/6004 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1846
https://notcve.org/view.php?id=CVE-2002-1846
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php. • http://online.securityfocus.com/archive/1/296121 •
CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 3CVE-2002-0117 – YaBB 9.1.2000 - Cross-Agent Scripting
https://notcve.org/view.php?id=CVE-2002-0117
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. Vulnerabilidad Cross-site todavía en el Bulletin Board de (YaBB) 1 Gold SP 1 y anteriores permite a atacantes remotos ejecutar scripts arbitrarios y cookiess de robo vía un mensaje que contiene Javascript codificado en una etiqueta IMG. • https://www.exploit-db.com/exploits/21208 http://online.securityfocus.com/archive/1/249031 http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828 http://www.iss.net/security_center/static/7840.php http://www.osvdb.org/2019 http://www.yabbforum.com •