CVE-2005-4245

Snipe Gallery < 3.1.4 - Cross-Site Scripting via Search Keyword Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4245. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes an XSS vulnerability in Snipe Gallery versions 3.1.4 and prior, with an example URL demonstrating the exploit. It lacks executable code, making it a writeup rather than a functional PoC.

Description

Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by r0t · textwebappsphp
https://www.exploit-db.com/exploits/26801

The provided text describes an XSS vulnerability in Snipe Gallery versions 3.1.4 and prior, with an example URL demonstrating the exploit. It lacks executable code, making it a writeup rather than a functional PoC.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Snipe Gallery <= 3.1.4
No auth needed
Prerequisites: Access to the target application's search.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18022
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2882
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15844
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21695
Exploit third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/716

Scores

EPSS 0.0366
EPSS Percentile 88.2%

Details

CWE
CWE-79
Status published
Products (1)
snipegallery/snipe_gallery < 3.1.4
Published Dec 14, 2005
Tracked Since Feb 18, 2026