CVE-2020-15051

MEDIUM

Artica Proxy < 4.30.000000 - Stored Cross-Site Scripting via Multiple Input Fields

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15051. PoCs published by pratikshad19.

AI-analyzed exploit summary This repository contains a writeup describing a Stored Cross-Site Scripting (XSS) vulnerability in Artica Proxy before version 4.28.030418 Community Edition. The vulnerability allows malicious scripts to be injected into input fields such as Server Domain Name, Email Address, and Group Name, potentially leading to session cookie theft.

Description

An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields.

Exploits (1)

nomisec WRITEUP
by pratikshad19 · poc
https://github.com/pratikshad19/CVE-2020-15051

This repository contains a writeup describing a Stored Cross-Site Scripting (XSS) vulnerability in Artica Proxy before version 4.28.030418 Community Edition. The vulnerability allows malicious scripts to be injected into input fields such as Server Domain Name, Email Address, and Group Name, potentially leading to session cookie theft.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Artica Proxy Community Edition before 4.28.030418
No auth needed
Prerequisites: Access to vulnerable input fields in Artica Proxy
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
http://artica-proxy.com/telechargements/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/pratikshad19/CVE-2020-15051

Scores

CVSS v3 6.1
EPSS 0.0247
EPSS Percentile 82.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
articatech/artica_proxy < 4.30.000000
Published Jul 15, 2020
Tracked Since Feb 18, 2026