CVE-2005-4880

Jax Guestbook 3.1-3.31 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2005-4880. PoCs published by Lostmon.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Jax PHP Scripts due to insufficient input sanitization. It references a specific log file path but does not include executable exploit code.

Description

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

Exploits (4)

exploitdb WRITEUP VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/26092

The provided text describes a cross-site scripting (XSS) vulnerability in Jax PHP Scripts due to insufficient input sanitization. It references a specific log file path but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Jax PHP Scripts
No auth needed
Prerequisites: Access to a vulnerable Jax PHP Scripts installation
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/26091

The provided text describes a cross-site scripting (XSS) vulnerability in Jax PHP Scripts, specifically in the guestbook component. It lacks executable exploit code but references a known CVE and explains the vulnerability's impact.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Jax PHP Scripts (guestbook component)
No auth needed
Prerequisites: Access to the vulnerable guestbook component
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/26090

The provided text describes a cross-site scripting (XSS) vulnerability in Jax PHP Scripts, specifically in the guestbook component. It lacks executable exploit code but references a known CVE and explains the vulnerability's impact.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Jax PHP Scripts (guestbook component)
No auth needed
Prerequisites: Access to a vulnerable Jax PHP Scripts guestbook instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Lostmon · text · webapps · php
https://www.exploit-db.com/exploits/26089

The provided text describes a cross-site scripting (XSS) vulnerability in Jax PHP Scripts, specifically in the guestbook module, due to insufficient input sanitization. It outlines the potential impact but does not include functional exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Jax PHP Scripts (guestbook module)
No auth needed
Prerequisites: Access to the vulnerable guestbook page
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16337

Scores

EPSS 0.0241
EPSS Percentile 81.9%

Details

CWE CWE-264
Status published
Products (2)
jax_scripts/jax_guestbook 3.1
jax_scripts/jax_guestbook 3.3.1
Published Mar 31, 2009
Tracked Since Feb 18, 2026