CVE-2009-3512

This exploit demonstrates a reflected XSS vulnerability in MyWeight 1.0 by injecting arbitrary JavaScript via the 'date' parameter in user_addfood.php. The payload bypasses basic sanitization using mixed case and URL encoding.

The provided text describes a cross-site scripting (XSS) vulnerability in MyWeight 1.0, where user-supplied input is not properly sanitized. The example demonstrates an XSS payload in the 'info' parameter of a URL.

This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 by injecting arbitrary JavaScript code via the 'info' and 'return' parameters in the user_login.php page. The PoC includes URLs with crafted payloads that trigger XSS when accessed.