Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-1228. PoCs published by Jose Carlos Norte.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in MG2 by injecting arbitrary JavaScript code via the 'list' parameter in the admin.php page. The PoC uses a simple alert to display the document.cookie, proving the lack of input sanitization.
Description
Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in MG2 by injecting arbitrary JavaScript code via the 'list' parameter in the admin.php page. The PoC uses a simple alert to display the document.cookie, proving the lack of input sanitization.