CVE-2002-1965

Imatix Xitami 2.5b4 and 2.5b5 - Cross-Site Scripting via User-Agent Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1965. PoCs published by Matthew Murphy.

AI-analyzed exploit summary: This is a writeup describing a cross-site scripting (XSS) vulnerability in Imatix Xitami webserver. The vulnerability allows attackers to embed script code in error pages by crafting a malicious URL, which executes in the context of the hosted site when accessed by a user.

Description

Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Matthew Murphy · text · remote · windows
https://www.exploit-db.com/exploits/21554


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Imatix Xitami webserver
Authentication: No auth needed
Prerequisites: A vulnerable version of Imatix Xitami webserver · Ability to craft and deliver a malicious URL to a victim
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/279269
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/277058
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5025

Scores

EPSS 0.0173
EPSS Percentile 74.7%

Details

Status published
Products (2)
imatix/xitami 2.5_b4
imatix/xitami 2.5_b5
Published Dec 31, 2002
Tracked Since Feb 18, 2026