CVE-2005-0945
ACS Blog 1.1.1 - Cross-Site Scripting via Event Handlers in HTML Tags
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-0945. PoCs published by Dan Crowley.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in ACS Blog, specifically targeting the 'Name' field to execute arbitrary HTML and script code in a user's browser. The provided payload is a simple XSS proof-of-concept using a script tag to trigger an alert.
Description
Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in ACS Blog, specifically targeting the 'Name' field to execute arbitrary HTML and script code in a user's browser. The provided payload is a simple XSS proof-of-concept using a script tag to trigger an alert.