CVE-2005-4307
ScareCrow < 2.13 - Cross-Site Scripting via Forum or User Parameter
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2005-4307. PoCs published by r0t3d3Vil.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in ScareCrow version 2.13, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'user' parameter.
Description
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi.
Exploits (3)
The provided text describes a cross-site scripting (XSS) vulnerability in ScareCrow version 2.13, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'user' parameter.
The provided text describes a cross-site scripting (XSS) vulnerability in ScareCrow version 2.13, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'forum' parameter.
The provided text describes a cross-site scripting (XSS) vulnerability in ScareCrow version 2.13, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the 'forum' parameter.