CVE-2005-3695
LiteSpeed Web Server 2.1.5 - Cross-Site Scripting via m Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-3695. PoCs published by Gama Sec.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in LiteSpeed Web Server by injecting arbitrary JavaScript code via the 'm' parameter in the admin interface. The PoC URL triggers an alert with the user's cookies, proving the lack of input sanitization.
Description
Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in LiteSpeed Web Server by injecting arbitrary JavaScript code via the 'm' parameter in the admin interface. The PoC URL triggers an alert with the user's cookies, proving the lack of input sanitization.