CVE-2007-6301
OpenNewsletter < 2.5 - Cross-Site Scripting via Compose.php Type Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-6301. PoCs published by Manu.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in OpenNewsletter 2.5 by injecting malicious script code via the 'type' parameter in the compose.php URL. The PoC includes two examples of XSS payloads that execute arbitrary JavaScript in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in OpenNewsletter 2.5 by injecting malicious script code via the 'type' parameter in the compose.php URL. The PoC includes two examples of XSS payloads that execute arbitrary JavaScript in the context of the affected site.