Description
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
Exploits (5)
exploitdb
WORKING POC
VERIFIED
by Vrs-hCk · text · webapps · php
https://www.exploit-db.com/exploits/32933
References (3)
Exploit (x_refsource_misc): http://packetstorm.linuxsecurity.com/0904-exploits/ocm30-xss.txt
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/34626
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34826
Scores
EPSS: 0.0056
EPSS Percentile: 68.4%
Details
CWE: CWE-79
Status: published
Products (1): esoftpro/online_contact_manager 3.0
Published: Jul 12, 2010
Tracked Since: Feb 18, 2026