CVE-2005-2523

Weblog Server 10.4-10.4.2 - Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2523. PoCs published by Donnie Werner.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in Apple Mac OS X Weblog Server. It explains how an attacker can inject malicious scripts into the author and comment sections to execute arbitrary code in a user's browser.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Donnie Werner · textremoteosx
https://www.exploit-db.com/exploits/26152

This is a writeup describing a cross-site scripting (XSS) vulnerability in Apple Mac OS X Weblog Server. It explains how an attacker can inject malicious scripts into the author and comment sections to execute arbitrary code in a user's browser.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Apple Mac OS X Weblog Server
No auth needed
Prerequisites: Access to the weblog comment section
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

Scores

EPSS 0.0139
EPSS Percentile 68.7%

Details

Status published
Products (4)
apple/mac_os_x 10.4
apple/mac_os_x 10.4.1
apple/mac_os_x 10.4.2
apple/weblog_server
Published Aug 19, 2005
Tracked Since Feb 18, 2026