CVE-2005-1800

Clam Anti-virus Clamav - XSS

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1800. PoCs published by Nah.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in JAWS versions 0.4 and 0.5, where the 'Glossary' module fails to sanitize user input. The example URL demonstrates how an attacker could inject malicious JavaScript code via the 'term' parameter.

Description

Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Nah · textwebappsphp
https://www.exploit-db.com/exploits/25740

The provided text describes a cross-site scripting (XSS) vulnerability in JAWS versions 0.4 and 0.5, where the 'Glossary' module fails to sanitize user input. The example URL demonstrates how an attacker could inject malicious JavaScript code via the 'term' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: JAWS 0.4, 0.5
No auth needed
Prerequisites: Access to the target application's URL
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13796

Scores

EPSS 0.0306
EPSS Percentile 86.0%

Details

Status published
Products (5)
clam_anti-virus/clamav 0.81
clam_anti-virus/clamav 0.82
clam_anti-virus/clamav 0.83
clam_anti-virus/clamav 0.84_rc1
clam_anti-virus/clamav 0.84_rc2
Published May 28, 2005
Tracked Since Feb 18, 2026