CVE-2002-0733

thttpd <= 2.20 - Cross-Site Scripting via 404 Error Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0733. PoCs published by frog.

AI-analyzed exploit summary The provided text describes a Cross-Site Scripting (XSS) vulnerability in thttpd versions up to 2.20b. The vulnerability arises from insufficient URL sanitization when generating error pages, allowing script injection.

Description

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by frog · textremotelinux
https://www.exploit-db.com/exploits/21422

The provided text describes a Cross-Site Scripting (XSS) vulnerability in thttpd versions up to 2.20b. The vulnerability arises from insufficient URL sanitization when generating error pages, allowing script injection.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: thttpd 2.20b
No auth needed
Prerequisites: A vulnerable version of thttpd · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources x_refsource_misc
http://www.ifrance.com/kitetoua/tuto/5holes1.txt
Various Sources x_refsource_confirm
http://www.acme.com/software/thttpd/#releasenotes
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9029.php
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4601
Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/5125

Scores

EPSS 0.0803
EPSS Percentile 94.0%

Details

Status published
Products (1)
acme_labs/thttpd 2.20b
Published Aug 12, 2002
Tracked Since Feb 18, 2026