CVE-2006-4751

Laurentiu Matei XHP CMS 0.5.1 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4751. PoCs published by HACKERS PAL.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in XHP CMS 0.5.1 by injecting a JavaScript payload via the 'errcode' parameter. The payload executes arbitrary JavaScript, potentially stealing cookies or performing other malicious actions.

Description

Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by HACKERS PAL · textwebappsphp

https://www.exploit-db.com/exploits/28509

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in XHP CMS 0.5.1 by injecting a JavaScript payload via the 'errcode' parameter. The payload executes arbitrary JavaScript, potentially stealing cookies or performing other malicious actions.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: XHP CMS 0.5.1

No auth needed

Prerequisites: Access to a vulnerable XHP CMS instance

MITRE ATT&CK