CVE-2004-2064
lostBook < 1.1 - Cross-Site Scripting via Email or Website Fields
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-2064. PoCs published by Joseph Moniz.
AI-analyzed exploit summary The code describes an HTML injection vulnerability in Verylost lostBook, where user-supplied input is not properly sanitized, allowing for XSS attacks. The example demonstrates stealing cookies via a malicious script executed in the context of the vulnerable site.
Description
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
Exploits (1)
The code describes an HTML injection vulnerability in Verylost lostBook, where user-supplied input is not properly sanitized, allowing for XSS attacks. The example demonstrates stealing cookies via a malicious script executed in the context of the vulnerable site.