CVE-2007-2011

DeskPro 2.0.1 - Cross-Site Scripting via Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2011. PoCs published by John Martinelli.

AI-analyzed exploit summary This is a proof-of-concept for a cross-site scripting (XSS) vulnerability in DeskPRO 2.0.1. The exploit demonstrates how attacker-supplied HTML and script code can execute in the context of the affected site by injecting malicious input into the username field.

Description

Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by John Martinelli · htmlwebappsphp

https://www.exploit-db.com/exploits/29828

View Code ZIP pw:eip

This is a proof-of-concept for a cross-site scripting (XSS) vulnerability in DeskPRO 2.0.1. The exploit demonstrates how attacker-supplied HTML and script code can execute in the context of the affected site by injecting malicious input into the username field.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: DeskPRO 2.0.1

No auth needed

Prerequisites: Access to the login page of the target DeskPRO instance

MITRE ATT&CK