CVE-2007-1873
Mephisto 0.7.3 - Cross-Site Scripting via Search q Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1873. PoCs published by The[Boss].
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Mephisto Blog 0.7.3 by injecting a malicious script via the search query parameter. The script exfiltrates the user's cookies to an attacker-controlled domain.
Description
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Mephisto Blog 0.7.3 by injecting a malicious script via the search query parameter. The script exfiltrates the user's cookies to an attacker-controlled domain.