Description
Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by trueend5 · textwebappsphp
https://www.exploit-db.com/exploits/25199
References (2)
Core 2
Core References
Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013420
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12756
Scores
EPSS
0.0049
EPSS Percentile
65.5%
Details
Status
published
Products (1)
yabb/yabb
2.0_rc1
Published
Mar 08, 2005
Tracked Since
Feb 18, 2026