CVE-2007-3198
Maran PHP Blog < 2007-04-22 - Cross-Site Scripting via Comments ID Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-3198. PoCs published by Dr.Crash.
Description
Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Maran PHP Blog by injecting a malicious script via the 'id' parameter in comments.php. The PoC URL encodes a script tag that triggers an alert with the document.cookie value.