ID
VAR-200212-0577
CVE
CVE-2002-1702
TITLE
PHP Classifieds Cross-Site Scripting Vulnerability
Trust: 1.5
DESCRIPTION
Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter. PHP Classifieds is a web-based directory classification program written in PHP. PHP Classifieds lacks proper and sufficient filtering of the parameters submitted by users. An attacker can build a link containing URL parameters of malicious code. When the user views this link, the included malicious script code will be in the user's browser Execution, leading to the leakage of information based on cookie authentication
Trust: 1.71
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | deltascripts | model: | php classifieds | scope: | eq | version: | 6.0.5 | Trust: 1.9 |
| vendor: | none | model: | - | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2002-1702 | Trust: 2.2 |
| db: | BID | id: | 5022 | Trust: 1.9 |
| db: | CNVD | id: | CNVD-2002-2878 | Trust: 0.6 |
| db: | XF | id: | 9363 | Trust: 0.6 |
| db: | NSFOCUS | id: | 2984 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-200212-834 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/5022 | Trust: 1.6 |
| url: | http://online.securityfocus.com/archive/1/277049 | Trust: 1.0 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/9363 | Trust: 1.0 |
| url: | http://xforce.iss.net/xforce/xfdb/9363 | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/2984 | Trust: 0.6 |
CREDITS
§ o m e 1※ exe@FlashMail.com
Trust: 0.6
SOURCES
| db: | CNVD | id: | CNVD-2002-2878 |
| db: | BID | id: | 5022 |
| db: | CNNVD | id: | CNNVD-200212-834 |
| db: | NVD | id: | CVE-2002-1702 |
LAST UPDATE DATE
2024-08-14T13:40:32.832000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2002-2878 | date: | 2002-06-22T00:00:00 |
| db: | BID | id: | 5022 | date: | 2002-06-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-834 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2002-1702 | date: | 2017-07-11T01:29:20.917 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2002-2878 | date: | 2002-06-14T00:00:00 |
| db: | BID | id: | 5022 | date: | 2002-06-14T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-834 | date: | 2002-06-14T00:00:00 |
| db: | NVD | id: | CVE-2002-1702 | date: | 2002-12-31T05:00:00 |