CVE-2011-1714

qooxdoo 1.3 - Cross-Site Scripting via Callback Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1714. PoCs published by AutoSec Tools.

AI-analyzed exploit summary: The exploit demonstrates a Local File Inclusion (LFI) vulnerability in eyeOS 2.3, allowing arbitrary file inclusion via path traversal. It also includes a reflected XSS vulnerability in the same software.

Description

Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter.

Exploits (1)

exploitdb WORKING POC
by AutoSec Tools · text · webapps · php
https://www.exploit-db.com/exploits/17127

Classification: Working PoC 100%
Attack Type: Info Leak | XSS
Complexity: Trivial
Reliability: Reliable
Target: eyeOS 2.3
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17127
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/71720
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/71718
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47184
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66574
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43997
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43818

Scores

EPSS 0.0858
EPSS Percentile 92.6%

Details

CWE
CWE-79
Status published
Products (2)
npm/qooxdoo 0npm
qooxdoo/qooxdoo 1.3
Published Apr 18, 2011
Tracked Since Feb 18, 2026