CVE-2006-3909

WWWthreads - Cross-Site Scripting via Calendar Week Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3909. PoCs published by l2odon.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in WWWThreads by injecting a script tag into the 'week' parameter of calendar.php. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by l2odon · textwebappsphp

https://www.exploit-db.com/exploits/28280

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in WWWThreads by injecting a script tag into the 'week' parameter of calendar.php. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WWWThreads (version not specified)

No auth needed

Prerequisites: Access to the vulnerable calendar.php endpoint

MITRE ATT&CK