CVE-2005-3334

Flyspray 0.9.7-0.9.8 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3334. PoCs published by Lostmon.

AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in Flyspray due to insufficient input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/26400

View Code ZIP pw:eip

The provided text describes multiple XSS vulnerabilities in Flyspray due to insufficient input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Flyspray (version not specified)

No auth needed

Prerequisites: Access to the target application · User interaction required for payload execution

MITRE ATT&CK