CVE-2003-0590

splatt_forum - Stored Cross-Site Scripting via Post Icon Image Subject Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0590. PoCs published by Lethalman.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Splatt Forum by modifying a post form to include arbitrary HTML code in the post icon value. The injected code is executed in the context of the vulnerable site when viewed by other users.

Description

Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Lethalman · htmlwebappsphp
https://www.exploit-db.com/exploits/22910

This exploit demonstrates an HTML injection vulnerability in Splatt Forum by modifying a post form to include arbitrary HTML code in the post icon value. The injected code is executed in the context of the vulnerable site when viewed by other users.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Splatt Forum (version not specified)
Auth required
Prerequisites: Access to a valid Splatt Forum account · Ability to submit a post
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105830019209609&w=2

Scores

EPSS 0.0220
EPSS Percentile 80.2%

Details

Status published
Products (1)
splatt/splatt_forum
Published Aug 18, 2003
Tracked Since Feb 18, 2026