CVE-2005-0741

YaBB 2.0 RC1 - Cross-Site Scripting via Username Parameter in Usersrecentposts Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0741. PoCs published by trueend5.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in YaBB by injecting malicious JavaScript via the 'username' parameter in the 'usersrecentposts' action. The PoC uses an IFRAME with a JavaScript URI to trigger an alert, proving arbitrary script execution.

Description

Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by trueend5 · textwebappsphp

https://www.exploit-db.com/exploits/25199

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in YaBB by injecting malicious JavaScript via the 'username' parameter in the 'usersrecentposts' action. The PoC uses an IFRAME with a JavaScript URI to trigger an alert, proving arbitrary script execution.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: YaBB (version not specified)

No auth needed

Prerequisites: A vulnerable YaBB installation · User interaction to visit the crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1013420

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12756

Scores

EPSS 0.0143

EPSS Percentile 69.5%

Details

Status published

Products (1)

yabb/yabb 2.0_rc1

Published Mar 08, 2005

Tracked Since Feb 18, 2026