CVE-2010-2698

Sijio Community Software - Authenticated Cross-Site Scripting via Title Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2698. PoCs published by Sid3^effects.

AI-analyzed exploit summary: This is a technical writeup detailing SQL injection and persistent XSS vulnerabilities in Sijio Community Software. It provides attack patterns, demo URLs, and steps to exploit the vulnerabilities but does not include functional exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sid3^effects · text · webapps · php
https://www.exploit-db.com/exploits/14260

Classification: Writeup 90%
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Reliable
Target: Sijio Community Software
Auth required
Prerequisites: Access to the target application · User registration for XSS exploitation
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14260
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60176
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/66154
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40492

Scores

EPSS 0.0124
EPSS Percentile 65.1%

Details

CWE: CWE-79
Status: published
Products (1): sijio/community_software
Published: Jul 12, 2010
Tracked Since: Feb 18, 2026