CVE-2007-1433

grayscale_blog < 0.8.0 - Cross-Site Scripting via Comment Fields


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1433.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in Grayscale Blog 0.8.0, including an authentication bypass via unsanitized user input in add_user.php, XSS in comment fields, and potential SQL injection in various scripts. It provides technical analysis and proof-of-concept examples for exploitation.

Description

Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.

Exploits (1)

exploitdb WRITEUP
webapps php
https://www.exploit-db.com/exploits/3447


Classification: Writeup 90%
Attack Type: Auth Bypass | XSS | SQLi
Complexity: Trivial
Reliability: Reliable
Target: Grayscale Blog 0.8.0
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0916
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2417
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462441/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22911

Scores

EPSS 0.0150
EPSS Percentile 70.9%

Details

Status published
Products (1)
grayscale/grayscale_blog < 0.8.0
Published Mar 13, 2007
Tracked Since Feb 18, 2026