CVE-2009-4926
Online Contact Manager 3.0 - Cross-Site Scripting via showGroup and id Parameters
Title source: llm
Exploitation Summary
EIP tracks 5 public exploits for CVE-2009-4926. PoCs published by Vrs-hCk.
AI-analyzed exploit summary:
The provided text describes a cross-site scripting (XSS) vulnerability in Online Contact Manager 3.0, where user-supplied input is not properly sanitized. The example demonstrates a simple XSS payload injected via the 'id' parameter in the URL.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.
Exploits (5)
The provided text describes a cross-site scripting (XSS) vulnerability in Online Contact Manager 3.0, where user-supplied input is not properly sanitized. The example demonstrates a simple XSS payload injected via the 'id' parameter in the URL.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Online Contact Manager 3.0 by injecting a script tag into the 'showGroup' parameter. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site.
The provided text describes a cross-site scripting (XSS) vulnerability in Online Contact Manager 3.0, where user-supplied input is not properly sanitized. The example demonstrates a reflected XSS attack via the 'id' parameter in 'email.php'.
The provided text describes a cross-site scripting (XSS) vulnerability in Online Contact Manager 3.0, where user-supplied input is not properly sanitized. The example demonstrates a simple XSS payload injected via the 'id' parameter in edit.php.
The provided text describes a cross-site scripting (XSS) vulnerability in Online Contact Manager 3.0, where user-supplied input is not properly sanitized. The example demonstrates a reflected XSS attack via the 'id' parameter in delete.php.