CVE-2004-2094

WebcamXP 1.06.945 - Cross-Site Scripting via URL Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2094. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in WebcamXP version 1.06.945. The vulnerability allows remote attackers to execute HTML or script code in a user's browser via a malicious URI.

Description

Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Rafel Ivgi The-Insider · textremotemultiple
https://www.exploit-db.com/exploits/23563

This is a writeup describing a cross-site scripting (XSS) vulnerability in WebcamXP version 1.06.945. The vulnerability allows remote attackers to execute HTML or script code in a user's browser via a malicious URI.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: WebcamXP version 1.06.945
No auth needed
Prerequisites: A vulnerable version of WebcamXP · User interaction to visit a malicious URI
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14904
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107471195326270&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9465

Scores

EPSS 0.0173
EPSS Percentile 74.7%

Details

Status published
Products (1)
darkwet/webcam_xp 1.6.945
Published Dec 31, 2004
Tracked Since Feb 18, 2026