CVE-2005-1620

Skull-Splitter Guestbook 1.0, 2.0, 2.2 - Stored Cross-Site Scripting via Message Title or Content

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1620. PoCs published by Morinex Eneco.

AI-analyzed exploit summary This exploit demonstrates HTML and script injection vulnerabilities in Skull-Splitter Guestbook, allowing attackers to execute arbitrary script code in the context of the affected site. The PoC shows how to inject a simple alert script and an iframe to demonstrate the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Morinex Eneco · textwebappsphp

https://www.exploit-db.com/exploits/25662

View Code ZIP pw:eip

This exploit demonstrates HTML and script injection vulnerabilities in Skull-Splitter Guestbook, allowing attackers to execute arbitrary script code in the context of the affected site. The PoC shows how to inject a simple alert script and an iframe to demonstrate the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Skull-Splitter Guestbook versions 1.0, 2.0, and 2.2

No auth needed

Prerequisites: Access to the guestbook message posting functionality

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111609838307070&w=2

Various Sources x_refsource_misc

http://www.m0r1n3x.com/Skull-splitter_adv.txt

Scores

EPSS 0.0270

EPSS Percentile 84.1%

Details

Status published

Products (3)

soren_boysen/skull-splitter_guestbook 1.0

soren_boysen/skull-splitter_guestbook 2.0

soren_boysen/skull-splitter_guestbook 2.2

Published May 16, 2005

Tracked Since Feb 18, 2026