CVE-2011-5177

eSyndiCat Pro 2.3.05 - Cross-Site Scripting via Admin Controller Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5177. PoCs published by d3v1l.

AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in eSyndiCat Pro 2.3.05 due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by d3v1l · textwebappsphp
https://www.exploit-db.com/exploits/36362

The provided text describes multiple XSS vulnerabilities in eSyndiCat Pro 2.3.05 due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: eSyndiCat Pro 2.3.05
No auth needed
Prerequisites: Access to the vulnerable application
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50822
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71485

Scores

EPSS 0.0161
EPSS Percentile 73.1%

Details

CWE
CWE-79
Status published
Products (1)
esyndicat/esyndicat_pro 2.3.05
Published Sep 20, 2012
Tracked Since Feb 18, 2026