CVE-2005-2818

DownFile 1.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php.

References (4)

Scores

EPSS 0.0035
EPSS Percentile 56.9%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

eric_fichot/downfile

Timeline

Published Sep 07, 2005
Tracked Since Feb 18, 2026