CVE-2005-0629

427BB 2.2 - Cross-Site Scripting via User or Avatar Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0629. PoCs published by Hackerlounge Research Group.

AI-analyzed exploit summary The provided text describes an HTML injection vulnerability in 427BB, where unsanitized user input in the 'user' parameter of profile.php can be exploited to inject arbitrary HTML or script code. This could lead to cookie theft or other client-side attacks.

Description

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Hackerlounge Research Group · textwebappsphp
https://www.exploit-db.com/exploits/25178

The provided text describes an HTML injection vulnerability in 427BB, where unsanitized user input in the 'user' parameter of profile.php can be exploited to inject arbitrary HTML or script code. This could lead to cookie theft or other client-side attacks.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: 427BB (all versions)
No auth needed
Prerequisites: Access to the vulnerable profile.php endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14434
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12693
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110970911514167&w=2
Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013337
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19546
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110970474726113&w=2

Scores

EPSS 0.0213
EPSS Percentile 79.7%

Details

Status published
Products (8)
427bb/fourtwosevenbb 2.0
427bb/fourtwosevenbb 2.0.1
427bb/fourtwosevenbb 2.1
427bb/fourtwosevenbb 2.1.1
427bb/fourtwosevenbb 2.1.2
427bb/fourtwosevenbb 2.1.3
427bb/fourtwosevenbb 2.2
427bb/fourtwosevenbb 2.2.1
Published Mar 01, 2005
Tracked Since Feb 18, 2026