CVE-2007-0183
iPlanet Web Server 4.x - Cross-Site Scripting via NS-max-records Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-0183. PoCs published by Khalsa.
AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in iPlanet Web Server 4 by injecting a script tag into the 'NS-max-records' parameter of the search endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in iPlanet Web Server 4 by injecting a script tag into the 'NS-max-records' parameter of the search endpoint. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.