CVE-2004-1100

MailPost 5.1.1sv - Cross-Site Scripting via Append Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1100. PoCs published by Procheckup.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in MailPost 5.1.1sv due to insufficient sanitization of user-supplied input. The PoC URL injects arbitrary JavaScript code via the 'append' parameter, which executes in the context of the user's browser.

Description

Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Procheckup · textwebappscgi
https://www.exploit-db.com/exploits/24721

This exploit demonstrates a cross-site scripting (XSS) vulnerability in MailPost 5.1.1sv due to insufficient sanitization of user-supplied input. The PoC URL injects arbitrary JavaScript code via the 'append' parameter, which executes in the context of the user's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: MailPost 5.1.1sv
No auth needed
Prerequisites: Access to a vulnerable MailPost instance · User interaction to trigger the malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11596
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17953
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/107998

Scores

EPSS 0.0513
EPSS Percentile 91.3%

Details

Status published
Products (1)
tips/mailpost 5.1.1sv
Published Jan 10, 2005
Tracked Since Feb 18, 2026