CVE-2005-2326

Clever Copy 2.0 and 2.0a - Cross-Site Scripting via calendar.php yr Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2326. PoCs published by Lostmon.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Clever Copy, where user-supplied URI input is not properly sanitized. An example exploit URL is included to demonstrate the issue.

Description

Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/25990

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Clever Copy, where user-supplied URI input is not properly sanitized. An example exploit URL is included to demonstrate the issue.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Clever Copy (version not specified)

No auth needed

Prerequisites: Access to a vulnerable instance of Clever Copy · Ability to craft a malicious URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Vendor Advisory x_refsource_misc

http://lostmon.blogspot.com/2005/07/clever-copy-calendarphp-yr-variable.html

Scores

EPSS 0.0270

EPSS Percentile 84.0%

Details

Status published

Products (2)

clever_copy/clever_copy 2.0

clever_copy/clever_copy 2.0a

Published Jul 19, 2005

Tracked Since Feb 18, 2026