CVE-2007-3396
KeyFocus KF Web Server 3.1.0 - Cross-Site Scripting via opsubmenu Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3396. PoCs published by Shay Priel.
AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in Key Focus Web Server 3.1.0 by injecting a malicious script via the 'opsubmenu' parameter. The payload triggers an alert dialog, proving arbitrary JavaScript execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in Key Focus Web Server 3.1.0 by injecting a malicious script via the 'opsubmenu' parameter. The payload triggers an alert dialog, proving arbitrary JavaScript execution in the context of the affected site.