CVE-2005-3514
chipmunk_forum - Stored Cross-Site Scripting via forumID Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2005-3514. PoCs published by Alireza Hassani.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Chipmunk products by injecting arbitrary script code via the 'forumID' parameter in the 'quote.php' file. The payload uses an IFRAME with a JavaScript URI to trigger an alert, proving the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Chipmunk products by injecting arbitrary script code via the 'forumID' parameter in the 'quote.php' file. The payload uses an IFRAME with a JavaScript URI to trigger an alert, proving the vulnerability.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Chipmunk products by injecting malicious JavaScript via the 'forumID' parameter in the URL. The payload uses an IFRAME to execute arbitrary script code in the context of the affected site.