CVE-2004-2038
Land Down Under < 700 - Cross-Site Scripting via BBcode img Tag
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-2038. PoCs published by Tim De Gier.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Land Down Under's BBCode implementation. The PoC uses a crafted [img] tag to execute JavaScript, potentially leading to cookie theft or content manipulation.
Description
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in Land Down Under's BBCode implementation. The PoC uses a crafted [img] tag to execute JavaScript, potentially leading to cookie theft or content manipulation.