CVE-2009-4554

Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-4554. PoCs published by Andrea Fabrizi.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Snitz Forums 2000 by injecting malicious JavaScript code via the [sound] BBCode tag. The payload executes an alert with the user's cookies, proving arbitrary script execution in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Andrea Fabrizi · textwebappsphp
https://www.exploit-db.com/exploits/33291

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Snitz Forums 2000 by injecting malicious JavaScript code via the [sound] BBCode tag. The payload executes an alert with the user's cookies, proving arbitrary script execution in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Snitz Forums 2000 3.4.07
No auth needed
Prerequisites: Access to a vulnerable Snitz Forums 2000 instance · Ability to post or inject malicious BBCode
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Andrea Fabrizi · textwebappsphp
https://www.exploit-db.com/exploits/33290

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Snitz Forums 2000 by injecting malicious JavaScript code via the 'url' parameter in the 'pop_send_to_friend.asp' page. The payload triggers an alert with the document cookie, proving the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Snitz Forums 2000 3.4.07
No auth needed
Prerequisites: Access to the vulnerable Snitz Forums 2000 instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Andrea Fabrizi · textwebappsasp
https://www.exploit-db.com/exploits/9856

This exploit demonstrates multiple XSS vulnerabilities in Snitz Forums 2000 version 3.4.07, including persistent XSS via the [sound] tag and reflected XSS via a crafted URL. The PoC uses simple JavaScript payloads to trigger alerts with document.cookie.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Snitz Forums 2000 3.4.07
No auth needed
Prerequisites: Target application with vulnerable version · Ability to submit crafted input (forum post or URL)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507207/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36710
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2957
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53804
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35733
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53803

Scores

EPSS 0.0176
EPSS Percentile 75.2%

Details

CWE
CWE-79
Status published
Products (1)
snitz_communications/snitz_forums_2000 3.4.07
Published Jan 04, 2010
Tracked Since Feb 18, 2026