CVE-2005-3412

Elite Forum 1.0.0.0 - Stored Cross-Site Scripting via Post Reply Image Tag

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3412. PoCs published by gladiator.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Elite Forum, allowing attackers to inject arbitrary HTML and script code via the 'title' parameter. The PoC provides a form to submit malicious input, which executes in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.

Exploits (1)

exploitdb WORKING POC VERIFIED

by gladiator · htmlwebappsphp

https://www.exploit-db.com/exploits/26447

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Elite Forum, allowing attackers to inject arbitrary HTML and script code via the 'title' parameter. The PoC provides a form to submit malicious input, which executes in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Elite Forum (version not specified)

No auth needed

Prerequisites: Access to the vulnerable Elite Forum instance

MITRE ATT&CK