EIP-2026-112986

PRE-CVE

vBulletin 3.0.0 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112986. PoCs published by ROOT_EGY.

AI-analyzed exploit summary The document describes multiple XSS vulnerabilities in vBulletin versions 3.0.0 to 3.5.4, including examples of malicious scripts injected via URL parameters. It provides technical details on how the vulnerabilities can be exploited but does not include functional exploit code.

Description

vBulletin 3.0.0 - Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by ROOT_EGY · textwebappsphp

https://www.exploit-db.com/exploits/11395

View Code ZIP pw:eip

The document describes multiple XSS vulnerabilities in vBulletin versions 3.0.0 to 3.5.4, including examples of malicious scripts injected via URL parameters. It provides technical details on how the vulnerabilities can be exploited but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: vBulletin 3.0.0 to 3.5.4

No auth needed

Prerequisites: Access to a vulnerable vBulletin instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026