Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-0611. PoCs published by Ivan Sanchez.
AI-analyzed exploit summary: This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in Novell QuickFinder Server by injecting malicious script tags into various admin endpoints. The PoC shows how unsanitized user input can be leveraged to execute arbitrary JavaScript in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
Exploits (1)