CVE-2002-0118

Name of the Vulnerable Software and Affected Versions Infopop Ultimate Bulletin Board (UBB) version 6.2.0 Beta Release 1.0

Description The issue allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.

Recommendations For Infopop Ultimate Bulletin Board (UBB) version 6.2.0 Beta Release 1.0, consider disabling the ability to post messages containing IMG tags until a patch is available. Restrict access to sensitive areas of the board to minimize the risk of exploitation. Avoid allowing users to post encoded Javascript in messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.