CVE-2005-1076

WebCT Campus Edition 4.1 - Stored Cross-Site Scripting via Discussion Board Message Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1076. PoCs published by lacertosum.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in WebCT 4.1, where user-supplied input is not properly sanitized, allowing for XSS attacks. The provided code snippet includes a proof-of-concept for injecting JavaScript via a table background attribute.

Description

Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field.

Exploits (1)

exploitdb WORKING POC VERIFIED
by lacertosum · textwebappsphp
https://www.exploit-db.com/exploits/25381

This exploit demonstrates an HTML injection vulnerability in WebCT 4.1, where user-supplied input is not properly sanitized, allowing for XSS attacks. The provided code snippet includes a proof-of-concept for injecting JavaScript via a table background attribute.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WebCT Version 4.1
No auth needed
Prerequisites: Access to a vulnerable WebCT instance
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/395544
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13101

Scores

EPSS 0.0137
EPSS Percentile 68.9%

Details

Status published
Products (1)
webct/webct campus_4.1
Published May 02, 2005
Tracked Since Feb 18, 2026