[] NeoSense
E X P L O I T S
title author type platform port cve id

phpGB 1.1 - HTML Injection

Author: ppp-design
type: webapps
platform: php
port: 
date_added: 2002-09-09 
date_updated: 2012-10-07 
verified: 1 
codes: CVE-2002-1480;OSVDB-9215 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/5676/info

phpGB is subject to HTML injection attacks.

phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry.

Enter the following guestbookentry:

"delete me <script>alert(document.cookie)</script>"
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.