CVE-2007-3888

insanely_simple_blog <= 0.5 - Cross-Site Scripting via Search Action or Anonymous Blog Entry

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3888. PoCs published by joseph.giron13.

AI-analyzed exploit summary This exploit demonstrates XSS vulnerabilities in Insanely Simple Blog 0.5 and prior versions by injecting malicious JavaScript via HTML attributes. The PoC shows how arbitrary script execution can occur in the context of the webserver process due to insufficient input sanitization.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by joseph.giron13 · textwebappsphp
https://www.exploit-db.com/exploits/30318

This exploit demonstrates XSS vulnerabilities in Insanely Simple Blog 0.5 and prior versions by injecting malicious JavaScript via HTML attributes. The PoC shows how arbitrary script execution can occur in the context of the webserver process due to insufficient input sanitization.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Insanely Simple Blog 0.5 and prior
No auth needed
Prerequisites: Access to a vulnerable instance of Insanely Simple Blog
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35448
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26105
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24934
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2904
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/473868/100/0/threaded

Scores

EPSS 0.0155
EPSS Percentile 71.7%

Details

Status published
Products (1)
insanely_simple_blog/insanely_simple_blog < 0.5
Published Jul 18, 2007
Tracked Since Feb 18, 2026