CVE-2003-1513

Resin 2.0-2.1.2 - Cross-Site Scripting via Example Script Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1513. PoCs published by Donnie Werner.

AI-analyzed exploit summary The provided text describes multiple HTML injection and cross-site scripting (XSS) vulnerabilities in Caucho Resin's JSP scripts. It includes example payloads for exploitation but lacks executable code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Donnie Werner · textwebappsjsp
https://www.exploit-db.com/exploits/23262

The provided text describes multiple HTML injection and cross-site scripting (XSS) vulnerabilities in Caucho Resin's JSP scripts. It includes example payloads for exploitation but lacks executable code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Caucho Resin 2.1 and prior
No auth needed
Prerequisites: Access to vulnerable JSP scripts via a web browser
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8852
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10031
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13460

Scores

EPSS 0.0145
EPSS Percentile 70.0%

Details

CWE
CWE-79
Status published
Products (4)
caucho_technology/resin 2.0
caucho_technology/resin 2.1.1
caucho_technology/resin 2.1.2
caucho_technology/resin 2.1.12
Published Dec 31, 2003
Tracked Since Feb 18, 2026