Exploitation Summary
EIP tracks 2 public exploits for CVE-2007-4079. PoCs published by Lostmon.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in SMS Text Messaging Enterprise by injecting arbitrary script code via unsanitized user input in the 'domain' and 'q' parameters.
Description
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in SMS Text Messaging Enterprise by injecting arbitrary script code via unsanitized user input in the 'domain' and 'q' parameters.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in SMS Text Messaging Enterprise by injecting a script tag into the 'userid' parameter of the edituser.php page. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.