CVE-2005-3544

XMB 1.9.3 - Cross-Site Scripting via u2u.php Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3544. PoCs published by GulfTech Security, HACKERS PAL.

AI-analyzed exploit summary The provided text describes an XSS vulnerability in XMB Forum, where user-supplied input is not properly sanitized. The example URL demonstrates a potential attack vector using an iframe injection via the 'username' parameter.

Description

Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/27206

View Code ZIP pw:eip

The provided text describes an XSS vulnerability in XMB Forum, where user-supplied input is not properly sanitized. The example URL demonstrates a potential attack vector using an iframe injection via the 'username' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: XMB Forum (version not specified)

No auth needed

Prerequisites: Access to the target application · User interaction may be required

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/26477

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in XMB, where user-supplied input via the 'username' parameter in 'u2u.php' is not properly sanitized. An attacker can exploit this to execute arbitrary script code in the context of the affected site.