CVE-2005-1494
MegaBook 2.0-2.1 - Cross-Site Scripting via entryid or password Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-1494. PoCs published by Spy Hat.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in MegaBook 2.0 by injecting arbitrary script code via the 'entryid' parameter in the 'admin.cgi' endpoint. The PoC uses a simple alert script to confirm the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in MegaBook 2.0 by injecting arbitrary script code via the 'entryid' parameter in the 'admin.cgi' endpoint. The PoC uses a simple alert script to confirm the vulnerability.