CVE-2005-3128
published 2005-10-04


Priority: P269 (medium)
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Flags: ITW, EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 3.44% (87.5th percentile)
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.

Affected (2 ranges)

Vendor        | Product             | Version range | Fixed in
squirrelmail  | address_add_plugin  | (empty)       | (empty)
squirrelmail  | address_add_plugin  | (empty)       | (empty)

Detection & IOCs (extracted from sources)

path: /plugins/address_add/add.php
url: {{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
url: http://www.example.com/squirrelmail_root_dir/plugins/address_add/add.php?first=HOVER%20ME!%22%20onMouseOver=%22alert('foo');
  • Look for GET requests to /plugins/address_add/add.php with unsanitized user input in the 'first' query parameter, particularly containing HTML/script injection payloads (e.g., <script>, onMouseOver event handlers, or IMG tags).
  • Match HTTP 200 responses from /plugins/address_add/add.php with Content-Type: text/html that reflect injected script content (e.g., alert(document.domain)) in the response body.
  • The vulnerability is exploitable via the 'first' GET parameter in add.php; monitor for URL-encoded script tags or event handler injections (e.g., %3Cscript%3E, onMouseOver) in requests to this endpoint.
  • The CVE references versions 1.9 and 2.0 of the Address Add Plugin, but the exploit-db proof-of-concept and Nuclei template target version 1.4.2. Detections should cover all three version references.
  • Successful exploitation allows theft of cookie-based authentication credentials; ensure cookie theft detection (e.g., document.cookie exfiltration) is also monitored in addition to alert-based XSS probes.

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck: 4.3 MEDIUM