CVE-2003-1536

DCP-Portal 5.3.1 - Cross-Site Scripting via Search or Calendar Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1536. PoCs published by Ertan Kurt.

AI-analyzed exploit summary The code describes a reflected XSS vulnerability in DCP-Portal's calendar script due to insufficient filtering of URI parameters. An attacker can craft a malicious link to execute arbitrary JavaScript in the context of a victim's browser session.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ertan Kurt · textwebappsphp

https://www.exploit-db.com/exploits/22387

View Code ZIP pw:eip

The code describes a reflected XSS vulnerability in DCP-Portal's calendar script due to insufficient filtering of URI parameters. An attacker can craft a malicious link to execute arbitrary JavaScript in the context of a victim's browser session.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: DCP-Portal version 5.3.1

No auth needed

Prerequisites: Victim must click a crafted malicious link

MITRE ATT&CK