CVE-2010-1111

Jokes Complete Website - Cross-Site Scripting via id Parameter or searchingred Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1111. PoCs published by indoushka.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in EasySiteNetwork Jokes Complete Website by injecting malicious JavaScript via the 'searchingred' parameter in results.php. The PoC uses an img tag with an onload event to trigger an alert dialog, proving arbitrary script execution.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by indoushka · text · webapps · php
https://www.exploit-db.com/exploits/33546

This exploit demonstrates a reflected XSS vulnerability in EasySiteNetwork Jokes Complete Website by injecting malicious JavaScript via the 'searchingred' parameter in results.php. The PoC uses an img tag with an onload event to trigger an alert dialog, proving arbitrary script execution.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: EasySiteNetwork Jokes Complete Website
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by indoushka · text · webapps · php
https://www.exploit-db.com/exploits/33545

This exploit demonstrates a reflected XSS vulnerability in EasySiteNetwork Jokes Complete Website by injecting malicious script code via the 'id' parameter in the URL. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: EasySiteNetwork Jokes Complete Website
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55761
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37852

Scores

EPSS 0.0147
EPSS Percentile 70.4%

Details

CWE: CWE-79
Status: published
Products (1): easysitenetwork/jokes_complete_website
Published: Mar 25, 2010
Tracked Since: Feb 18, 2026