CVE-2003-0295

vBulletin 3.0.0 Beta 2 - Cross-Site Scripting via Preview Message


Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0295. PoCs published by Ferruh Mavituna.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in vBulletin 3.0.0 beta 2 by injecting malicious JavaScript into a private message. The script executes when the victim previews the message, potentially stealing cookies or performing other malicious actions.

Description

Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ferruh Mavituna · html · webapps · php
https://www.exploit-db.com/exploits/22599

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: vBulletin 3.0.0 beta 2
Auth required
Prerequisites: Access to a vBulletin 3.0.0 beta 2 private messaging system · Ability to send private messages to a target user
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=105293890422210&w=2
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=105292832607981&w=2

Scores

EPSS 0.0163
EPSS Percentile 73.2%

Details

Status published
Products (1)
jelsoft/vbulletin 3.0.0_beta_2
Published Jun 16, 2003
Tracked Since Feb 18, 2026