CVE-2007-4630

Absolute Poll Manager XE 4.1 - Cross-Site Scripting via msg Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4630. PoCs published by Richard Brain.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Absolute Poll Manager XE 4.1 by injecting malicious JavaScript via the 'msg' parameter in the URL. The PoC shows how an attacker can execute arbitrary JavaScript in the context of the affected website.

Description

Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Richard Brain · textwebappsasp

https://www.exploit-db.com/exploits/30545

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Absolute Poll Manager XE 4.1 by injecting malicious JavaScript via the 'msg' parameter in the URL. The PoC shows how an attacker can execute arbitrary JavaScript in the context of the affected website.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Absolute Poll Manager XE 4.1

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK