CVE-2008-3391
Web Wiz Forum 9.5 - Cross-Site Scripting via Mode Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2008-3391. PoCs published by CSDT.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Web Wiz Forums 9.5 by injecting a malicious script via the 'mode' parameter in the admin_group_details.asp page. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Web Wiz Forums 9.5 by injecting a malicious script via the 'mode' parameter in the admin_group_details.asp page. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Web Wiz Forums 9.5 by injecting a malicious script via the 'mode' parameter in the URL. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookie-based authentication credentials.