CVE-2009-0573
FotoWeb 6.0 Build 273 - Cross-Site Scripting via Login and Grid Search Parameters
Exploitation Summary
EIP tracks 2 public exploits for CVE-2009-0573. PoCs published by Stelios Tigkas.
Description
Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in FotoWeb 6.0 by injecting a script tag into the 's' parameter of the Login.fwx endpoint. The PoC triggers an alert box, proving arbitrary JavaScript execution in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in FotoWeb 6.0 by injecting a script tag into the search parameter of the Grid.fwx endpoint. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.