CVE-2015-1054

Crea8Social 2.0 - Authenticated Stored Cross-Site Scripting via Game Content Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1054. PoCs published by Yudhistira B W.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Crea8Social v2.0, where an attacker can inject malicious JavaScript via the 'Game Content' field to alter the user interface. The PoC demonstrates the vulnerability but does not include executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.

Exploits (1)

exploitdb WRITEUP
by Yudhistira B W · textwebappsphp
https://www.exploit-db.com/exploits/35691

This is a writeup describing a stored XSS vulnerability in Crea8Social v2.0, where an attacker can inject malicious JavaScript via the 'Game Content' field to alter the user interface. The PoC demonstrates the vulnerability but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Crea8Social v2.0
Auth required
Prerequisites: Registered user account · Access to the 'Add Game' feature
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35691
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99615
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/116732

Scores

EPSS 0.0293
EPSS Percentile 85.4%

Details

CWE
CWE-79
Status published
Products (1)
crea8social/crea8social 2.0
Published Jan 16, 2015
Tracked Since Feb 18, 2026