CVE-2012-6666

MEDIUM

vBSeo < 3.8.7 - Cross-Site Scripting via member.php u Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6666. PoCs published by MegaMan.

AI-analyzed exploit summary The exploit demonstrates a reflected XSS vulnerability in vBSEO due to insufficient input sanitization. The PoC provides malicious URLs that inject JavaScript to redirect users to an attacker-controlled site.

Description

vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by MegaMan · textwebappsphp
https://www.exploit-db.com/exploits/37944

The exploit demonstrates a reflected XSS vulnerability in vBSEO due to insufficient input sanitization. The PoC provides malicious URLs that inject JavaScript to redirect users to an attacker-controlled site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: vBSEO 3.8.7
No auth needed
Prerequisites: User interaction required to click malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/37944
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.securityfocus.com/bid/55908

Scores

CVSS v3 6.1
EPSS 0.0086
EPSS Percentile 54.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
vbseo/vbseo < 3.8.7
Published Feb 10, 2020
Tracked Since Feb 18, 2026