CVE-2004-1844
Description
Cross-site scripting vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via error.asp or register.asp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Member Management System 2.1 contains a cross-site scripting (XSS) vulnerability in the error.asp page via the err parameter and in the register.asp registration form. The application fails to sanitize user-supplied input, allowing arbitrary script injection. The vulnerability is present in version 2.1 as described in the advisory [1].
Exploitation
An attacker can exploit this by crafting a malicious URL such as http://[host]/error.asp?err=" or by injecting script into the registration form fields. The injected script is executed when an administrator views the affected page, as demonstrated in the advisory with an iframe payload that deletes a user [1]. No authentication is required for the initial injection, but the XSS payload triggers in the context of an authenticated admin session.
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the administration site. This can lead to modification or deletion of user and admin data, disclosure of authentication information, and potentially execution of arbitrary code over the network [1]. The attacker gains the ability to perform administrative actions on behalf of the victim.
Mitigation
No official patch has been identified for Member Management System 2.1. The vendor was contacted, but the advisory does not confirm a fix [1]. Users should implement input validation and output encoding, or migrate to a supported alternative. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =2.1
Patches
No patches discovered yet.
References
- secunia.com/advisories/11179 (nvd, Exploit)
- securitytracker.com/id (nvd, Exploit)
- www.securityfocus.com/bid/9932 (nvd, Exploit)
- marc.info (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/15552 (nvd)