CVE-2004-1825

Mambo Open Source 4.5 stable 1.0.3 - Cross-Site Scripting via return or mos_change_template Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1825. PoCs published by JeiAr.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Mambo's 'index.php' script due to improper validation of user-supplied URI input. An attacker can craft a malicious link with hostile HTML and script code, which executes in the victim's browser.

Description

Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by JeiAr · textwebappsphp

https://www.exploit-db.com/exploits/23824

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Mambo's 'index.php' script due to improper validation of user-supplied URI input. An attacker can craft a malicious link with hostile HTML and script code, which executes in the victim's browser.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Mambo (version not specified)

No auth needed

Prerequisites: Victim must click a malicious link

MITRE ATT&CK