CVE-2006-5239
expblog < 0.3.5 - Cross-Site Scripting via PHP_SELF or captcha_session_code Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-5239. PoCs published by Tamriel.
AI-analyzed exploit summary The exploit demonstrates multiple XSS vulnerabilities in eXpBlog by injecting arbitrary JavaScript code via URL parameters. The PoC includes two examples of crafted URLs that trigger script execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php.
Exploits (1)
The exploit demonstrates multiple XSS vulnerabilities in eXpBlog by injecting arbitrary JavaScript code via URL parameters. The PoC includes two examples of crafted URLs that trigger script execution in the context of the affected site.