CVE-2005-3200

Utopia News Pro 1.1.3-1.1.4 - Cross-Site Scripting via sitetitle, version, and query_count Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3200. PoCs published by rgod.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Utopia News Pro by injecting arbitrary JavaScript code via the 'sitetitle' parameter in header.php. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by rgod · textwebappsphp

https://www.exploit-db.com/exploits/26327

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Utopia News Pro by injecting arbitrary JavaScript code via the 'sitetitle' parameter in header.php. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Utopia News Pro

No auth needed

Prerequisites: Access to the vulnerable application URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →