CVE-2002-2230

Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-2230
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ikonboard / ikonboard	3.1.1	3.1.1.x

http://archives.neohapsis.com/archives/bugtraq/2002-10/0069.html
http://www.iss.net/security_center/static/10268.php

Vulnerability Database

289,697

CVE-2002-2230