CVE-2008-6839
TGS Content Management 0.3.2r2 - Cross-Site Scripting via msg, goodmsg, dir, or id Parameters
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2008-6839. PoCs published by Julian Rodriguez.
AI-analyzed exploit summary This exploit demonstrates XSS vulnerabilities in TGS Content Management by injecting arbitrary script code via unsanitized input in the 'previous_page' parameter. The PoC includes example URLs that trigger JavaScript alerts.
Description
Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (2)
This exploit demonstrates XSS vulnerabilities in TGS Content Management by injecting arbitrary script code via unsanitized input in the 'previous_page' parameter. The PoC includes example URLs that trigger JavaScript alerts.
The exploit demonstrates multiple XSS vulnerabilities in TGS Content Management 0.3.2r2 by injecting arbitrary script code via unsanitized input parameters in the URL. The PoC includes specific URLs with payloads that trigger alert dialogs, confirming the vulnerability.