CVE-2006-1487

ActiveCampaign SupportTrio 2.50.2 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1487. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in ActiveCampaign SupportTrio due to insufficient input sanitization. It includes example URLs demonstrating the vulnerable parameters but lacks executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/27492

View Code ZIP pw:eip

The provided text describes multiple XSS vulnerabilities in ActiveCampaign SupportTrio due to insufficient input sanitization. It includes example URLs demonstrating the vulnerable parameters but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: ActiveCampaign SupportTrio 2.50.2

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK