CVE-2010-2355

Pilot Group eLMS Pro - Cross-Site Scripting via Error Page Message Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2355.

AI-analyzed exploit summary The document describes SQL injection and XSS vulnerabilities in eLMS Pro, providing attack patterns and demo URLs. It lacks functional exploit code but includes technical details about the vulnerabilities.

Description

Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/13785

View Code ZIP pw:eip

The document describes SQL injection and XSS vulnerabilities in eLMS Pro, providing attack patterns and demo URLs. It lacks functional exploit code but includes technical details about the vulnerabilities.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: eLMS Pro

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/59300

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40766

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40163

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/65422

Scores

EPSS 0.0146

EPSS Percentile 70.2%

Details

CWE

CWE-79

Status published

Products (1)

pilotgroup/elms_pro

Published Jun 21, 2010

Tracked Since Feb 18, 2026