CVE-2002-0959
Description
Splatt Forum 3.0 is vulnerable to XSS via crafted image tags, allowing script execution in other users' browsers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Splatt Forum version 3.0 is vulnerable to a cross-site scripting (XSS) flaw. The application does not properly filter HTML within image tags, allowing remote attackers to inject arbitrary script code into forum messages. This vulnerability is present in the handling of [img] tags [1].
Exploitation
An attacker can exploit this vulnerability by crafting a forum message containing a malicious [img] tag. This tag must include a closing quote followed by JavaScript code, such as [img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]. When another user views this message, the injected script will execute in their browser [1].
Impact
Successful exploitation allows an attacker to execute arbitrary script code in the context of the victim user's browser. This can lead to the hijacking of web content or the theft of cookie-based authentication credentials from legitimate users [1].
Mitigation
No specific patched version or release date is mentioned in the available references. Users are advised to check for updates from the vendor or consider alternative solutions. The vulnerability is listed on Exploit-DB [1].
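An added example, not Splatt Forum's code and not taken from the cited references: a Python sketch of an [img] renderer that pastes the tag body into the attribute, beside a hardened one that escapes the message and emits an image element only for validated http/https URLs. The function names, the src="..." output shape and the benign sample are assumptions; the payload string is the one quoted above.

```python
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def render_img_vulnerable(message: str) -> str:
    """Assumed shape of the flaw: the tag body lands in src="..." unescaped."""
    return IMG_TAG.sub(lambda m: '<img src="%s">' % m.group(1), message)

def _safe_img(match: re.Match) -> str:
    raw = match.group(1).strip()
    as_text = html.escape(match.group(0), quote=True)  # fall back to inert text
    # Refuse characters that can end the attribute or the tag, and any whitespace.
    if re.search(r'["\'<>`\s\x00-\x1f]', raw):
        return as_text
    try:
        parts = urlsplit(raw)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return as_text
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return as_text
    return '<img src="%s" alt="">' % html.escape(raw, quote=True)

def render_img_hardened(message: str) -> str:
    """Escape everything; emit <img> only for URLs that pass validation."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(message):
        out.append(html.escape(message[pos:m.start()], quote=True))
        out.append(_safe_img(m))
        pos = m.end()
    out.append(html.escape(message[pos:], quote=True))
    return "".join(out)

# Payload string as quoted in the Exploitation paragraph above.
PAGE_PAYLOAD = '[img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]'
# Constructed benign post for comparison.
BENIGN = 'Logo: [img]http://example.org/logo.png[/img] <b>hi</b>'

if __name__ == "__main__":
    for post in (PAGE_PAYLOAD, BENIGN):
        print("vulnerable:", render_img_vulnerable(post))
        print("hardened:  ", render_img_hardened(post))
```

Escaping on output alone would already neutralise the quoted payload; the scheme and character checks additionally keep non-web URLs out of the src attribute.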
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- cpe:2.3:a:splatt:splatt_forum:3.0:*:*:*:*:*:*:*
Patches (0)
No patches discovered yet.
References (4)
- www.iss.net/security_center/static/9279.php (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/4953 (nvd; Exploit, Vendor Advisory)
- archives.neohapsis.com/archives/vulnwatch/2002-q2/0091.html (nvd)
- online.securityfocus.com/archive/1/275744 (nvd)