CVE-2004-1844

Member Management System 2.1 - Cross-Site Scripting via Error Parameter or Register Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2004-1844. PoCs published by Manuel Lopez.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Member Management System version 2.1, specifically in the 'err' parameter of 'error.asp' and the 'register.asp' script. It includes an example payload demonstrating how an attacker could inject malicious HTML/iframe code.

Description

Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Manuel Lopez · textwebappsasp
https://www.exploit-db.com/exploits/23854

The provided text describes a cross-site scripting (XSS) vulnerability in Member Management System version 2.1, specifically in the 'err' parameter of 'error.asp' and the 'register.asp' script. It includes an example payload demonstrating how an attacker could inject malicious HTML/iframe code.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Member Management System 2.1
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Manuel Lopez · textwebappsasp
https://www.exploit-db.com/exploits/23853

The provided text describes a cross-site scripting (XSS) vulnerability in Member Management System version 2.1, specifically in the 'err' parameter of 'error.asp' and the 'register.asp' script. It lacks executable exploit code but includes a proof-of-concept URL demonstrating the vulnerability.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Member Management System 2.1
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107999697625786&w=2
Exploit third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11179
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9932
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15552
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009508

Scores

EPSS 0.0177
EPSS Percentile 75.2%

Details

Status published
Published Dec 31, 2004
Tracked Since Feb 18, 2026