Description
Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matthew Murphy · textremotewindows
https://www.exploit-db.com/exploits/21554
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/279269
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/277058
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5025
Scores
EPSS
0.0040
EPSS Percentile
60.8%
Details
Status
published
Products (2)
imatix/xitami
2.5_b4
imatix/xitami
2.5_b5
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026