CVE-2005-3412

Elite Forum - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.

Exploits (1)

exploitdb WORKING POC VERIFIED

by gladiator · htmlwebappsphp

https://www.exploit-db.com/exploits/26447

View Code ZIP pw:eip

References (7)

[Mailing List] http://marc.info/?l=full-disclosure&m=113083841308736&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15257

[Third Party Advisory] http://securityreason.com/securityalert/136

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/415400/30/0/threaded

[Exploit, Vendor Advisory] http://www.h4cky0u.org/advisories/HYSA-2005-009-elite-forum.txt

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2260

[Vendor Advisory] http://secunia.com/advisories/17341

Scores

EPSS 0.0859

EPSS Percentile 92.4%

Details

Status published

Products (1)

elite_forum/elite_forum 1.0.0.0

Published Nov 01, 2005

Tracked Since Feb 18, 2026