CVE-2010-1712

Webmobo WB News 2.3.3 - Cross-Site Scripting via Name and Message Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1712. PoCs published by ITSecTeam.

AI-analyzed exploit summary The exploit describes a stored XSS vulnerability in WB News (Webmobo) 2.3.3 where the comment sender's name is not properly filtered, allowing arbitrary script execution. The vulnerability is located in the Comments.php file and rendered in the list-comments.ihtml template.

Description

Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ITSecTeam · textwebappsphp

https://www.exploit-db.com/exploits/12323

View Code ZIP pw:eip

The exploit describes a stored XSS vulnerability in WB News (Webmobo) 2.3.3 where the comment sender's name is not properly filtered, allowing arbitrary script execution. The vulnerability is located in the Comments.php file and rendered in the list-comments.ihtml template.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WB News (Webmobo) 2.3.3

No auth needed

Prerequisites: Access to the comment posting functionality

MITRE ATT&CK