CVE-2005-1053

ModernBill < 4.3.0 - Cross-Site Scripting via orderwiz.php c_code or aid Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1053. PoCs published by GulfTech Security.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in ModernBill 4.3 and prior versions due to improper sanitization of the 'c_code' parameter. The example URL demonstrates how an attacker could inject malicious scripts via the 'c_code' parameter.

Description

Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.

Exploits (2)

exploitdb WRITEUP VERIFIED
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/25377

The provided text describes a cross-site scripting (XSS) vulnerability in ModernBill 4.3 and prior versions due to improper sanitization of the 'c_code' parameter. The example URL demonstrates how an attacker could inject malicious scripts via the 'c_code' parameter.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ModernBill 4.3 and prior versions
No auth needed
Prerequisites: Access to the vulnerable URL with the 'c_code' parameter
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/25378

The provided text describes a cross-site scripting (XSS) vulnerability in ModernBill 4.3 and prior versions due to improper sanitization of the 'aid' parameter in the 'orderwiz.php' script. The vulnerability allows attackers to inject malicious scripts via the 'aid' parameter, potentially leading to cookie theft or other client-side attacks.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ModernBill 4.3 and prior versions
No auth needed
Prerequisites: Access to the vulnerable 'orderwiz.php' script
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20035
Exploit, Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013672
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111323741032183&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15426
Exploit, Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14890

Scores

EPSS 0.0399
EPSS Percentile 89.2%

Details

Status published
Products (1)
moderngigabyte/modernbill < 4.3.0
Published May 02, 2005
Tracked Since Feb 18, 2026