CVE-2008-4648
Elxis CMS 2008.1 revision 2204 - Cross-Site Scripting via PATH_INFO or Multiple Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-4648. PoCs published by faithlove.
AI-analyzed exploit summary
The exploit demonstrates multiple XSS vulnerabilities in Elxis CMS by injecting arbitrary JavaScript via unsanitized URL parameters. It also highlights a session-fixation vulnerability, allowing attackers to hijack user sessions.
Description
Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point.