CVE-2003-1088
Zorum 3.4 and 3.5 - Cross-Site Scripting via Method Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-1088. PoCs published by G00db0y.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHPOutSourcing Zorum's index.php script. The vulnerability allows an attacker to inject arbitrary HTML and script code via the 'method' parameter.
Description
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by G00db0y · textwebappsphp
https://www.exploit-db.com/exploits/23011
This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHPOutSourcing Zorum's index.php script. The vulnerability allows an attacker to inject arbitrary HTML and script code via the 'method' parameter.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
PHPOutSourcing Zorum
No auth needed
Prerequisites:
A vulnerable version of PHPOutSourcing Zorum · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8388
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/9497
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106063199925536&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12867
Exploit, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013365
Scores
EPSS
0.0174
EPSS Percentile
74.7%
Details
Status
published
Products (6)
phpoutsourcing/zorum
3.0
phpoutsourcing/zorum
3.1
phpoutsourcing/zorum
3.2
phpoutsourcing/zorum
3.3
phpoutsourcing/zorum
3.4
phpoutsourcing/zorum
3.5
Published
Aug 11, 2003
Tracked Since
Feb 18, 2026