CVE-2004-0358

VirtuaNews Admin Panel Pro 1.0.3 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0358. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary The exploit demonstrates multiple XSS vulnerabilities in VirtuaNews' non-default modules 'Files' and 'Vulns' by injecting malicious scripts via URI parameters. The PoC includes crafted URLs that trigger arbitrary script execution in the context of the vulnerable application.

Description

Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Rafel Ivgi The-Insider · textwebappsphp
https://www.exploit-db.com/exploits/23792

The exploit demonstrates multiple XSS vulnerabilities in VirtuaNews' non-default modules 'Files' and 'Vulns' by injecting malicious scripts via URI parameters. The PoC includes crafted URLs that trigger arbitrary script execution in the context of the vulnerable application.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: VirtuaNews (version not specified)
No auth needed
Prerequisites: Access to the vulnerable VirtuaNews installation · Non-default modules 'Files' and 'Vulns' enabled
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107851556116088&w=2
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-03/0069.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15402
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9812
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9819

Scores

EPSS 0.0422
EPSS Percentile 89.7%

Details

Status published
Products (4)
virtuasystems/virtuanews_pro 1.0
virtuasystems/virtuanews_pro 1.0.1
virtuasystems/virtuanews_pro 1.0.2
virtuasystems/virtuanews_pro 1.0.3
Published Nov 23, 2004
Tracked Since Feb 18, 2026