CVE-2002-1455

OmniHTTPd - Cross-Site Scripting via test.php, test.shtml, or redir.exe


Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-1455. PoCs published by Matthew Murphy.


Description

Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Matthew Murphy · text · remote · windows
https://www.exploit-db.com/exploits/21754

This exploit demonstrates a cross-site scripting (XSS) vulnerability in OmniHTTPD's sample scripts (test.shtml and test.php) by injecting a script tag via URL parameters. The vulnerability allows arbitrary JavaScript execution in the context of the victim's browser.

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: OmniHTTPD (sample scripts test.shtml and test.php)
No auth needed
Prerequisites: Victim must visit a crafted URL
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Matthew Murphy · text · remote · windows
https://www.exploit-db.com/exploits/21753

This exploit demonstrates a cross-site scripting (XSS) vulnerability in OmniHTTPD's sample scripts (test.php and test.shtml) by injecting a script tag via URL-encoded parameters. The PoC triggers a JavaScript alert to confirm the vulnerability.

Classification: Working PoC (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: OmniHTTPD (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web server · Sample scripts (test.php or test.shtml) must be present
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html

Scores

EPSS 0.0394
EPSS Percentile 89.0%

Details

Status: published
Products (1): omnicron/omnihttpd
Published: Jun 09, 2003
Tracked Since: Feb 18, 2026