CVE-2004-0254

Discuz! Board 2.x and 3.x - Cross-Site Scripting via IMG Tag

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0254. PoCs published by Cheng Peng Su.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Discuz! by injecting malicious JavaScript code via an image tag in user messages. The payload steals cookie-based authentication credentials when rendered in a victim's browser.

Description

Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Cheng Peng Su · textwebappsphp
https://www.exploit-db.com/exploits/23653

This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Discuz! by injecting malicious JavaScript code via an image tag in user messages. The payload steals cookie-based authentication credentials when rendered in a victim's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Discuz! (version not specified)
No auth needed
Prerequisites: User ability to post messages with embedded links
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9584
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15066
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107606726417150&w=2

Scores

EPSS 0.0199
EPSS Percentile 78.1%

Details

Status published
Products (2)
crosscom_olicom/discuz 2.0
crosscom_olicom/discuz 3.0
Published Nov 23, 2004
Tracked Since Feb 18, 2026