VYPR
← All advisories
Unrated severityNVD Advisory· Published May 16, 2005· Updated Apr 16, 2026

CVE-2005-1611

CVE-2005-1611

Description

WebCrossing WebX 5.x is vulnerable to XSS via specially crafted URLs, allowing script injection and potential cookie theft.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WebCrossing WebX 5.x is vulnerable to XSS via specially crafted URLs, allowing script injection and potential cookie theft.

Vulnerability

WebCrossing WebX version 5.x is susceptible to a cross-site scripting (XSS) vulnerability due to insufficient sanitization of user-supplied input. Attackers can inject arbitrary web script or HTML by including it in a URL after an "@" symbol [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL that includes arbitrary script code after the "@" character, such as http://www.example.com/webx?@[code]. This URL needs to be delivered to an unsuspecting user, typically through social engineering or by posting it on a website [1].

Impact

Successful exploitation allows an attacker to execute arbitrary script code within the context of the victim's browser. This can lead to the theft of sensitive information, such as cookie-based authentication credentials, and enable other client-side attacks [1].

Mitigation

Information regarding a fixed version or patch for this vulnerability is not yet disclosed in the available references. Users are advised to consult the vendor for potential workarounds or updates. This vulnerability is not listed on the KEV catalog.

References
  1. WebCrossing WebX 5.0 - Cross-Site Scripting

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.