CVE-2007-5190

Alcatel OmniVista < 4760_r4.2 - Cross-Site Scripting via Action or Langue Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5190. PoCs published by Miguel Angel.

AI-analyzed exploit summary The exploit demonstrates XSS vulnerabilities in OmniVista 4760 by injecting malicious scripts via unsanitized input parameters in the URL. It includes example payloads for two different attack vectors.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Miguel Angel · textwebappsphp

https://www.exploit-db.com/exploits/30691

View Code ZIP pw:eip

The exploit demonstrates XSS vulnerabilities in OmniVista 4760 by injecting malicious scripts via unsanitized input parameters in the URL. It includes example payloads for two different attack vectors.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: OmniVista 4760

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK