CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2002-1894
https://notcve.org/view.php?id=CVE-2002-1894
Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. • http://online.securityfocus.com/archive/1/300362 http://www.iss.net/security_center/static/10653.php http://www.phpbb.com/phpBB/viewtopic.php?t=56283 http://www.securityfocus.com/bid/6195 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2002-2349 – PHPBBMod 1.3.3 - PHPInfo Information Disclosure
https://notcve.org/view.php?id=CVE-2002-2349
phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information. • https://www.exploit-db.com/exploits/21931 http://www.iss.net/security_center/static/10335.php http://www.securityfocus.com/archive/1/294701 http://www.securityfocus.com/bid/5942 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 2CVE-2002-0902 – PHPBB2 - Image Tag HTML Injection
https://notcve.org/view.php?id=CVE-2002-0902
Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remote attackers to execute Javascript as other phpBB users by including a http:// and a double-quote (") in the [IMG] tag, which bypasses phpBB's security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script. Vulnerabilidad de secuencias de comandos en sitios cruzados en phpBB 2.0.0 (phpBB) permite a atacantes remotos ejecutar Javascript como otros usuarios de phpBB incluyendo http:// y comillas dobles ("") en una etiquieta IMG, lo que evade la comprobación de seguridad de phpBB, termina el parámetro src de la etiqueta HTML IMG, e injecta la secuencia de comandos. • https://www.exploit-db.com/exploits/21486 http://online.securityfocus.com/archive/1/274273 http://www.iss.net/security_center/static/9178.php http://www.securityfocus.com/bid/4858 •
CVSS: 10.0EPSS: 11%CPEs: 4EXPL: 0CVE-2002-0473
https://notcve.org/view.php?id=CVE-2002-0473
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html http://online.securityfocus.com/archive/82/262600 http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483 http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip http://www.iss.net/security_center/static/8476.php http://www.osvdb.org/4268 http://www.securityfocus.com/bid/4380 •
CVSS: 5.1EPSS: 0%CPEs: 7EXPL: 0CVE-2002-0475
https://notcve.org/view.php?id=CVE-2002-0475
Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. • http://www.iss.net/security_center/static/7459.php http://www.securiteam.com/unixfocus/6W00Q202UM.html http://www.securityfocus.com/bid/4379 •