CVE-2005-2064

ASP Nuke 0.80 - Cross-Site Scripting via Multiple Registration Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2064. PoCs published by Alberto Trivero.

AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in ASPNuke by injecting arbitrary JavaScript code via unsanitized input parameters in the registration form. The PoC URLs trigger script execution in the context of the affected site, potentially stealing cookies or performing other client-side attacks.

Description

Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Alberto Trivero · textwebappsasp
https://www.exploit-db.com/exploits/25906

This exploit demonstrates multiple XSS vulnerabilities in ASPNuke by injecting arbitrary JavaScript code via unsanitized input parameters in the registration form. The PoC URLs trigger script execution in the context of the affected site, potentially stealing cookies or performing other client-side attacks.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ASPNuke (version not specified)
No auth needed
Prerequisites: Access to the vulnerable ASPNuke registration page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Alberto Trivero · textwebappsasp
https://www.exploit-db.com/exploits/25905

This exploit demonstrates a cross-site scripting (XSS) vulnerability in ASPNuke by injecting arbitrary JavaScript code via the 'email' parameter in the forgot_password.asp page. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ASPNuke (version not specified)
No auth needed
Prerequisites: Access to the target ASPNuke application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14062
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111989223906484&w=2

Scores

EPSS 0.0203
EPSS Percentile 78.5%

Details

Status published
Products (1)
asp-nuke/asp-nuke 0.80
Published Jun 29, 2005
Tracked Since Feb 18, 2026