CVE-2005-4415

TML CMS 0.5 - Cross-Site Scripting via Form Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4415. PoCs published by X1ngBox.

AI-analyzed exploit summary The provided text describes an input validation vulnerability in TML CMS 0.5, allowing potential XSS attacks via the 'type' and 'form' parameters. No functional exploit code is included, only a description and a sample URL demonstrating the vulnerability.

Description

Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by X1ngBox · textwebappsphp

https://www.exploit-db.com/exploits/26839

View Code ZIP pw:eip

The provided text describes an input validation vulnerability in TML CMS 0.5, allowing potential XSS attacks via the 'type' and 'form' parameters. No functional exploit code is included, only a description and a sample URL demonstrating the vulnerability.

Classification

Writeup 80%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: TML CMS 0.5

No auth needed

Prerequisites: Access to the vulnerable TML CMS instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0512-exploits/ztml.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/22076

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21801

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15876

Scores

EPSS 0.0176

EPSS Percentile 75.2%

Details

Status published

Products (1)

tml/tml 0.5

Published Dec 20, 2005

Tracked Since Feb 18, 2026