CVE-2005-0670

Coinsoft Technologies Phpcoin - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/25174

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/25175

View Code ZIP pw:eip

References (8)

[Various Sources] http://forums.phpcoin.com/index.php?showtopic=4101

[Patch] http://forums.phpcoin.com/index.php?showtopic=4116

[Various Sources] http://forums.phpcoin.com/index.php?showtopic=4118

[Exploit, Patch] http://secunia.com/advisories/14439

[Exploit] http://securitytracker.com/id?1013329

[Exploit] http://www.securityfocus.com/bid/12686

[Various Sources] http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/19572

Scores

EPSS 0.0150

EPSS Percentile 80.9%

Classification

Status draft

Affected Products (3)

coinsoft_technologies/phpcoin

coinsoft_technologies/phpcoin

coinsoft_technologies/phpcoin

Timeline

Published May 02, 2005

Tracked Since Feb 18, 2026