CVE-2018-9235

MEDIUM

iScripts SonicBB 1.0 - Reflected Cross-Site Scripting via Search Query Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9235. PoCs published by ManhNho.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in iScripts SonicBB 1.0 via the 'query' parameter in search.php. The PoC shows how malicious JavaScript can be injected and executed in the context of the user's browser.

Description

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.

Exploits (1)

exploitdb WORKING POC

by ManhNho · textwebappsphp

https://www.exploit-db.com/exploits/44434

View Code ZIP pw:eip

This exploit demonstrates a reflected XSS vulnerability in iScripts SonicBB 1.0 via the 'query' parameter in search.php. The PoC shows how malicious JavaScript can be injected and executed in the context of the user's browser.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: iScripts SonicBB 1.0

No auth needed

Prerequisites: Access to the target application's search.php endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://pastebin.com/caQW37fY

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44434/

Scores

CVSS v3 6.1

EPSS 0.0261

EPSS Percentile 83.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

iscripts/sonicbb 1.0

Published Apr 04, 2018

Tracked Since Feb 18, 2026