CVE-2002-2318

Falcon Web Server 2.0.0.1009-2.0.0.1021 - Cross-Site Scripting via URI in Error Messages

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-2318. PoCs published by Matt Murphy.

AI-analyzed exploit summary This is a writeup describing XSS vulnerabilities in Falcon Webserver where HTML tags are not sanitized in error messages. It provides example URLs to exploit 301 and 404 error pages for arbitrary script execution.

Description

Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Matt Murphy · textremotewindows
https://www.exploit-db.com/exploits/21698

This is a writeup describing XSS vulnerabilities in Falcon Webserver where HTML tags are not sanitized in error messages. It provides example URLs to exploit 301 and 404 error pages for arbitrary script execution.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Falcon Webserver
No auth needed
Prerequisites: Access to a vulnerable Falcon Webserver instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit mailing-list x_refsource_bugtraq
http://seclists.org/lists/bugtraq/2002/Aug/0158.html
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9812.php
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5435

Scores

EPSS 0.0145
EPSS Percentile 70.1%

Details

CWE
CWE-79
Status published
Products (4)
blueface/falcon_web_server 2.0.0.1009
blueface/falcon_web_server 2.0.0.1020
blueface/falcon_web_server 2.0.0.1021
blueface/falcon_web_server 2.0.0.1021_ssl
Published Dec 31, 2002
Tracked Since Feb 18, 2026