CVE-2006-2141

Collaborative Portal Server <= 3.4.0 - Cross-Site Scripting via popup_image pos Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2141. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Collaborative Portal Server 3.4.0, where user-supplied input is not properly sanitized. The vulnerability can be exploited via a crafted URL parameter, allowing arbitrary script execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in popup_image in Collaborative Portal Server (CPS) 3.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the pos argument.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/27793

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Collaborative Portal Server 3.4.0, where user-supplied input is not properly sanitized. The vulnerability can be exploited via a crafted URL parameter, allowing arbitrary script execution in the context of the affected site.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Collaborative Portal Server 3.4.0

No auth needed

Prerequisites: Access to the target application · Ability to craft a malicious URL

MITRE ATT&CK