CVE-2018-5705

MEDIUM

Reservo Image Hosting 1.6 - Cross-Site Scripting via Search Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5705. PoCs published by Dennis Veninga.

AI-analyzed exploit summary: This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Reservo Image Hosting Script 1.5 via the search engine functionality. The PoC provides a crafted URL that injects and executes arbitrary JavaScript code when visited by a user.

Description

Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected function is its search engine (the t parameter to the /search URI). Because there is a user/admin login interface, attackers can steal the sessions of users and thus of admin(s). When a user opens an infected URL sent by an attacker, the injected code is executed.

Exploits (1)

exploitdb WORKING POC
by Dennis Veninga · text · webapps · php
https://www.exploit-db.com/exploits/43676

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Reservo Image Hosting Script 1.5
No auth needed
Prerequisites: A target running Reservo Image Hosting Script 1.5 · Victim interaction to visit the crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43676/

Scores

CVSS v3 6.1
EPSS 0.0149
EPSS Percentile 70.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
reservo/image_hosting 1.6
Published Jan 24, 2018
Tracked Since Feb 18, 2026