EIP-2026-113018

PRE-CVE

vBulletin Blog 4.0.2 - Title Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113018. PoCs published by FormatXformat.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in vBulletin Blog 4.0.2 by injecting malicious JavaScript into the blog post title field. The payload executes when the victim navigates to the main page, confirming the vulnerability.

Description

vBulletin Blog 4.0.2 - Title Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by FormatXformat · textwebappsphp

https://www.exploit-db.com/exploits/11871

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in vBulletin Blog 4.0.2 by injecting malicious JavaScript into the blog post title field. The payload executes when the victim navigates to the main page, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: vBulletin Blog 4.0.2

Auth required

Prerequisites: Valid user account on the target vBulletin instance · Access to the blog creation page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026