CVE-2003-0763

Escapade Scripting Engine - Cross-Site Scripting via Method Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0763. PoCs published by Bahaa Naamneh.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Escapade due to insufficient sanitization of user-supplied input. The PoC shows how an attacker can inject arbitrary HTML code via the PAGE parameter in the CGI script.

Description

Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bahaa Naamneh · textwebappscgi

https://www.exploit-db.com/exploits/23127

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Escapade due to insufficient sanitization of user-supplied input. The PoC shows how an attacker can inject arbitrary HTML code via the PAGE parameter in the CGI script.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Escapade (version not specified)

No auth needed

Prerequisites: A vulnerable Escapade installation · A user who clicks on a malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=106312344631197&w=2

Scores

EPSS 0.0265

EPSS Percentile 83.7%

Details

Status published

Products (1)

squished_mosquito/escapade

Published Sep 17, 2003

Tracked Since Feb 18, 2026