CVE-2005-1803

Net Portal Dynamic System 5.0 - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2005-1803. PoCs published by NoSP.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in NPDS, including XSS and SQL injection, with an example XSS payload. However, it lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php.

Exploits (6)

exploitdb WRITEUP VERIFIED
by NoSP · textwebappsphp
https://www.exploit-db.com/exploits/25744

The provided text describes multiple vulnerabilities in NPDS, including XSS and SQL injection, with an example XSS payload. However, it lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: NPDS (all versions)
No auth needed
Prerequisites: Access to the vulnerable NPDS instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by NoSP · textwebappsphp
https://www.exploit-db.com/exploits/25746

The provided text describes multiple vulnerabilities in NPDS, including HTML injection, XSS, and SQL injection, with an example XSS payload. It lacks executable exploit code but outlines attack vectors.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: NPDS (all versions)
No auth needed
Prerequisites: Access to the target application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by NoSP · textwebappsphp
https://www.exploit-db.com/exploits/25747

This exploit demonstrates an XSS vulnerability in NPDS by injecting a malicious script via the 'image_subject' parameter in the 'reply.php' endpoint. The PoC shows how an attacker can execute arbitrary JavaScript in the context of a victim's browser session.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: NPDS (all versions)
No auth needed
Prerequisites: Victim must visit the crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by NoSP · textwebappsphp
https://www.exploit-db.com/exploits/25743

The provided text describes multiple vulnerabilities in NPDS, including HTML injection, XSS, and SQL injection, with an example XSS payload. It lacks executable exploit code but outlines attack vectors.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: NPDS (all versions)
No auth needed
Prerequisites: Access to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by NoSP · textwebappsphp
https://www.exploit-db.com/exploits/25750

The provided text describes a vulnerability in NPDS involving HTML injection, XSS, and SQL injection due to input validation errors. It includes a sample XSS payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: NPDS (all versions)
No auth needed
Prerequisites: Access to the vulnerable NPDS FAQ page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by NoSP · textwebappsphp
https://www.exploit-db.com/exploits/25742

The provided text describes multiple vulnerabilities in NPDS, including HTML injection, XSS, and SQL injection, with an example XSS payload. It lacks executable exploit code but outlines attack vectors.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: NPDS (all versions)
No auth needed
Prerequisites: Access to the target NPDS admin.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16464
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014073
Vendor Advisory x_refsource_confirm
http://www.npds.org/download.php?op=geninfo&did=115
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16922

Scores

EPSS 0.0184
EPSS Percentile 76.2%

Details

Status published
Products (1)
net_portal_dynamic_system/net_portal_dynamic_system 5.0
Published May 29, 2005
Tracked Since Feb 18, 2026