[] NeoSense
E X P L O I T S
title author type platform port cve id

Splatt Forum 3.0 - Image Tag HTML Injection

Author: MegaHz
type: webapps
platform: php
port: nan
date_added: 2002-06-06 
date_updated: 2012-09-24 
verified: 1 
codes: CVE-2002-0959;OSVDB-9233 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/4953/info

Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running Splatt Forum.

This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users.

[img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.