CVE-2004-2510

UBB.threads < 6.5 - Cross-Site Scripting via Cat Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2510. PoCs published by dw. & ms..

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in UBB.threads by crafting a malicious URI that injects JavaScript code into the 'Cat' parameter of 'showflat.php'. The script executes arbitrary JavaScript in the context of the victim's browser, potentially stealing cookies or other sensitive data.

Description

Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dw. & ms. · textwebappsphp

https://www.exploit-db.com/exploits/24824

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in UBB.threads by crafting a malicious URI that injects JavaScript code into the 'Cat' parameter of 'showflat.php'. The script executes arbitrary JavaScript in the context of the victim's browser, potentially stealing cookies or other sensitive data.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: UBB.threads versions 6.2.3 and 6.5

No auth needed

Prerequisites: Victim must click on a crafted malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit, Patch vdb-entry x_refsource_osvdb

http://www.osvdb.org/12364

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1012503

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11900

Exploit, Vendor Advisory mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0239.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/13452

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18432

Scores

EPSS 0.0392

EPSS Percentile 89.0%

Details

Status published

Products (17)

ubbcentral/ubb.threads 6.0

ubbcentral/ubb.threads 6.0.1

ubbcentral/ubb.threads 6.0.2

ubbcentral/ubb.threads 6.0.3

ubbcentral/ubb.threads 6.1

ubbcentral/ubb.threads 6.1.1

ubbcentral/ubb.threads 6.2

ubbcentral/ubb.threads 6.2.1

ubbcentral/ubb.threads 6.2.2

ubbcentral/ubb.threads 6.2.3

... and 7 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026