CVE-2008-0691

EIP tracks 1 public exploit for CVE-2008-0691. PoCs published by NBBN.

AI-analyzed exploit summary The exploit demonstrates multiple XSS vulnerabilities in the WP-Footnotes WordPress plugin by injecting malicious scripts via unsanitized input parameters. The PoC includes URLs with payloads that trigger arbitrary JavaScript execution in the context of the affected site.

Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.