CVE-2018-17997

MEDIUM

LayerBB 1.1.1 - Stored Cross-Site Scripting via Conversation Title

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-17997. PoCs published by 0xB9.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in LayerBB 1.1.1, where malicious JavaScript can be injected into the title of private messages (PMs). The payload executes when the victim views the conversation.

Description

LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).

Exploits (1)

exploitdb WRITEUP

by 0xB9 · textwebappsphp

https://www.exploit-db.com/exploits/46079

View Code ZIP pw:eip

This is a writeup describing a stored XSS vulnerability in LayerBB 1.1.1, where malicious JavaScript can be injected into the title of private messages (PMs). The payload executes when the victim views the conversation.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: LayerBB 1.1.1

Auth required

Prerequisites: Valid user account to send a private message

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/151015/LayerBB-1.1.1-Cross-Site-Scripting.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46079/

Patch, Third Party Advisory x_refsource_confirm

https://github.com/AndyRixon/LayerBB/commits/master

Scores

CVSS v3 6.1

EPSS 0.0358

EPSS Percentile 87.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

layerbb/layerbb 1.1.1

Published Mar 21, 2019

Tracked Since Feb 18, 2026