CVE-2004-1954
phprofession 2.5 - Cross-Site Scripting via jcode Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-1954. PoCs published by Janek Vind.
AI-analyzed exploit summary The provided text describes multiple vulnerabilities in phProfession, a PostNuke module, including XSS and SQL injection. It includes a sample XSS payload URL but lacks executable exploit code.
Description
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/24036
The provided text describes multiple vulnerabilities in phProfession, a PostNuke module, including XSS and SQL injection. It includes a sample XSS payload URL but lacks executable exploit code.
Classification
Writeup 90%
Attack Type
Xss | Sqli | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:
phProfession 2.5 (PostNuke module)
No auth needed
Prerequisites:
Access to the target PostNuke instance with phProfession module
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5624
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15931
Exploit, Vendor Advisory x_refsource_misc
http://www.waraxe.us/index.php?modname=sa&id=21
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108258931430060&w=2
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11465
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10190
Scores
EPSS
0.0191
EPSS Percentile
77.1%
Details
Status
published
Products (1)
phprofession/phprofession
2.5
Published
Apr 21, 2004
Tracked Since
Feb 18, 2026