CVE-2002-1683

BadBlue Personal Edition 1.7.3 - Cross-Site Scripting via cleanSearchString() Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1683. PoCs published by Matthew Murphy.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in BadBlue's EXT.DLL due to unsanitized user input being passed to the client-side cleanSearchString function. The PoC shows how arbitrary JavaScript can be executed in the context of the victim's browser.

Description

Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Matthew Murphy · textremotewindows
https://www.exploit-db.com/exploits/21599

This exploit demonstrates a cross-site scripting (XSS) vulnerability in BadBlue's EXT.DLL due to unsanitized user input being passed to the client-side cleanSearchString function. The PoC shows how arbitrary JavaScript can be executed in the context of the victim's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: BadBlue P2P file sharing application (version not specified)
No auth needed
Prerequisites: Victim must interact with a malicious link or input
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5179
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/281141
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9514

Scores

EPSS 0.0173
EPSS Percentile 74.7%

Details

Status published
Products (1)
working_resources_inc./badblue personal_1.7.3
Published Dec 31, 2002
Tracked Since Feb 18, 2026