CVE-2005-2441

vbzoom - Cross-Site Scripting via UserName or UserID Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2441. PoCs published by almaster.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in VBZooM Forum by injecting arbitrary JavaScript code via the UserName parameter in the profile.php page. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by almaster · textwebappsphp

https://www.exploit-db.com/exploits/26049

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in VBZooM Forum by injecting arbitrary JavaScript code via the UserName parameter in the profile.php page. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: VBZooM Forum (version not specified)

No auth needed

Prerequisites: Access to the target VBZooM Forum instance · User interaction to trigger the XSS payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →