CVE-2002-0902

Name of the Vulnerable Software and Affected Versions: phpBB version 2.0.0

Description: The issue allows remote attackers to execute Javascript as other phpBB users. This is achieved by including a http:// and a double-quote (") in the [IMG] tag, which bypasses the security check, terminates the src parameter of the resulting HTML IMG tag, and injects the script.

Recommendations: For phpBB version 2.0.0, update to a newer version that addresses this issue to prevent remote attackers from executing Javascript as other phpBB users.