CVE-2003-1031

vBulletin 3.0 Beta 2 - Cross-Site Scripting via Optional Profile Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1031. PoCs published by Ferruh Mavituna.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in vBulletin's register.php script. It uses a hidden form and JavaScript to inject malicious script code into the 'field1' parameter, which is then submitted to the server.

Description

Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ferruh Mavituna · textwebappsphp

https://www.exploit-db.com/exploits/22990

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in vBulletin's register.php script. It uses a hidden form and JavaScript to inject malicious script code into the 'field1' parameter, which is then submitted to the server.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: vBulletin (version not specified)

No auth needed

Prerequisites: Access to the registration page of a vulnerable vBulletin instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory mailing-list x_refsource_vulnwatch

http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html

Scores

EPSS 0.0139

EPSS Percentile 68.8%

Details

Status published

Published Feb 17, 2004

Tracked Since Feb 18, 2026