CVE-2004-1645

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1645. PoCs published by GulfTech Security.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Xedus 1.0, including DoS, XSS, and directory traversal, but does not contain actual exploit code. It references a sample XSS payload without functional implementation.

Description

Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.

Exploits (2)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textremotewindows

https://www.exploit-db.com/exploits/24418

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in Xedus 1.0, including DoS, XSS, and directory traversal, but does not contain actual exploit code. It references a sample XSS payload without functional implementation.

Classification

Writeup 90%

Attack Type

Xss | Dos | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Xedus 1.0

No auth needed

Prerequisites: Network access to the target server · Xedus 1.0 running on port 4274

MITRE ATT&CK

T1505 - Server Software Component T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →