CVE-2007-0763

F3Site 2.1 - Cross-Site Scripting via News Comment Autor Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0763. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a file upload vulnerability in F3Site <= 2.1, allowing remote code execution by uploading a malicious PHP file. It requires an admin session and cookie prefix, which can be obtained via XSS.

Description

Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kacper · phpwebappsphp
https://www.exploit-db.com/exploits/3255

This exploit targets a file upload vulnerability in F3Site <= 2.1, allowing remote code execution by uploading a malicious PHP file. It requires an admin session and cookie prefix, which can be obtained via XSS.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: F3Site <= 2.1
Auth required
Prerequisites: admin session ID · cookie prefix · XSS to steal session
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32188
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22379
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3255
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34668

Scores

EPSS 0.0172
EPSS Percentile 74.5%

Details

Status published
Products (1)
f3site/f3site 2.1
Published Feb 06, 2007
Tracked Since Feb 18, 2026