CVE-2004-1845

News Manager Lite 2.5 - Cross-Site Scripting via Email Parameter or Search Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2004-1845. PoCs published by Manuel Lopez.

AI-analyzed exploit summary This is a vulnerability writeup describing multiple issues in News Manager Lite 2.5, including SQL injection, XSS, and account hijacking via cookie manipulation. No actual exploit code is provided, only a description and an example XSS payload.

Description

Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Manuel Lopez · textwebappsasp
https://www.exploit-db.com/exploits/23858

This is a vulnerability writeup describing multiple issues in News Manager Lite 2.5, including SQL injection, XSS, and account hijacking via cookie manipulation. No actual exploit code is provided, only a description and an example XSS payload.

Classification
Writeup 90%
Attack Type
Xss | Sqli | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: News Manager Lite 2.5
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Manuel Lopez · textwebappsasp
https://www.exploit-db.com/exploits/23857

The provided text describes multiple vulnerabilities in News Manager Lite 2.5, including SQL injection, XSS, and account hijacking via cookie manipulation. It references specific scripts and parameters but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Xss | Sqli | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: News Manager Lite 2.5
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Manuel Lopez · textwebappsasp
https://www.exploit-db.com/exploits/23859

This is a vulnerability writeup describing multiple issues in News Manager Lite 2.5, including SQL injection, XSS, and account hijacking via cookie manipulation. No functional exploit code is provided.

Classification
Writeup 90%
Attack Type
Xss | Sqli | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: News Manager Lite 2.5
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15548
Exploit third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11180
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/4492
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9935
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009507
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/4493
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/4494
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107999733503496&w=2

Scores

EPSS 0.0216
EPSS Percentile 79.9%

Details

Status published
Products (1)
expinion.net/news_manager_lite 2.5
Published Dec 31, 2004
Tracked Since Feb 18, 2026