CVE-2005-3520

MySource 2.14.0 - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-2005-3520. PoCs published by Secunia Research.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in MySource, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'target_url' parameter.

Description

Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php.

Exploits (7)

exploitdb WRITEUP VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26355

The provided text describes a cross-site scripting (XSS) vulnerability in MySource, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'target_url' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to a vulnerable MySource instance · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26356

The provided text describes a cross-site scripting (XSS) vulnerability in MySource, where user-supplied input is not properly sanitized. The example URL demonstrates how arbitrary script code could be executed in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to a vulnerable MySource installation · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26358

The provided text describes a cross-site scripting (XSS) vulnerability in MySource, where user-supplied input is not properly sanitized. The example URL demonstrates how arbitrary script code could be executed in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to a vulnerable MySource installation · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26359

The provided text describes a cross-site scripting (XSS) vulnerability in MySource, where user-supplied input is not properly sanitized. The example URL demonstrates how arbitrary script code could be executed in the context of the affected site.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to a vulnerable MySource installation · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26360

The provided text describes a cross-site scripting (XSS) vulnerability in MySource, where user-supplied input is not properly sanitized. The example URL demonstrates how arbitrary script code could be executed in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to a vulnerable MySource installation · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26361

This exploit demonstrates a cross-site scripting (XSS) vulnerability in MySource by injecting arbitrary script code via the 'stylesheet' parameter. The vulnerability arises from insufficient input sanitization, allowing execution of malicious scripts in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to the vulnerable MySource application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Secunia Research · textwebappsphp
https://www.exploit-db.com/exploits/26357

The provided text describes a cross-site scripting (XSS) vulnerability in MySource, where user-supplied input is not properly sanitized. The example URL demonstrates how arbitrary script code could be executed in the context of the affected site.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: MySource (version not specified)
No auth needed
Prerequisites: Access to a vulnerable MySource instance · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/92
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20047
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20044
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112966933202769&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20046
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16946/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20045
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22771
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2132
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20049
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015075
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20050
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15132
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20048

Scores

EPSS 0.0302
EPSS Percentile 85.7%

Details

Status published
Products (2)
mysource/mysource 2.14.0
mysource/mysource 2.14.0rc2
Published Nov 06, 2005
Tracked Since Feb 18, 2026