CVE-2005-2327

e107 <= 0.617 - Cross-Site Scripting via Nested URL BBCode Tags

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2327. PoCs published by warlord.

AI-analyzed exploit summary This exploit leverages a stored XSS vulnerability in vBulletin by injecting malicious JavaScript via a crafted URL and style attributes. The payload exfiltrates the victim's cookies to a remote server controlled by the attacker.

Description

Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.

Exploits (1)

exploitdb WORKING POC VERIFIED

by warlord · textwebappsphp

https://www.exploit-db.com/exploits/1106

View Code ZIP pw:eip

This exploit leverages a stored XSS vulnerability in vBulletin by injecting malicious JavaScript via a crafted URL and style attributes. The payload exfiltrates the victim's cookies to a remote server controlled by the attacker.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: vBulletin (version not specified, likely older versions)

Auth required

Prerequisites: Ability to post a message in a vBulletin forum · Victim interaction required to trigger the payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1014513

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/1106

Scores

EPSS 0.0273

EPSS Percentile 84.1%

Details

Status published

Products (37)

e107/e107 0.547_beta

e107/e107 0.548_beta

e107/e107 0.549_beta

e107/e107 0.551_beta

e107/e107 0.552_beta

e107/e107 0.553_beta

e107/e107 0.554_beta

e107/e107 0.555_beta

e107/e107 0.600

e107/e107 0.601

... and 27 more

Published Jul 20, 2005

Tracked Since Feb 18, 2026