CVE-2004-1657
Newtelligence DasBlog - Cross-Site Scripting via User Agent or Referrer HTTP Headers
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-1657. PoCs published by Dominick Baier.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in DasBlog's request log. By sending a crafted HTTP request with a malicious User-Agent header, an attacker can inject arbitrary HTML and script code, which executes when an administrator views the 'Activity and Events Viewer'.
Description
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in DasBlog's request log. By sending a crafted HTTP request with a malicious User-Agent header, an attacker can inject arbitrary HTML and script code, which executes when an administrator views the 'Activity and Events Viewer'.