CVE-2004-1872
WebCT Campus Edition 4.1.1.5 - Cross-Site Scripting via CSS @import URL
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-1872. PoCs published by Simon Boulet.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in WebCT Campus Edition 4.1, leveraging the @import url() function in CSS to execute arbitrary JavaScript in the context of a user's browser when viewing a malicious forum post.
Description
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in WebCT Campus Edition 4.1, leveraging the @import url() function in CSS to execute arbitrary JavaScript in the context of a user's browser when viewing a malicious forum post.