Exploitation Summary
EIP tracks 4 public exploits for CVE-2008-1273. PoCs published by ZoRLu.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Imagevue 1.7 by injecting a script tag into the 'path' parameter of the upload.php file. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (4)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Imagevue 1.7 by injecting a script tag into the 'path' parameter of the upload.php file. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Imagevue 1.7 by injecting arbitrary JavaScript code via the 'path' parameter in popup.php. The PoC uses a simple alert-based payload to confirm the vulnerability.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Imagevue 1.7 by injecting a script tag into the 'path' parameter of dirxml.php. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
The provided text describes a cross-site scripting (XSS) vulnerability in Imagevue 1.7, where user-supplied input is not properly sanitized. It includes a proof-of-concept URL demonstrating the XSS payload.