CVE-2010-3893

IBM OmniFind Enterprise Edition 8.x and 9.x - Session Impersonation via Stolen Cookie


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3893. PoCs published by Fatih Kilic.

AI-analyzed exploit summary: The exploit demonstrates a reflected XSS vulnerability in IBM OmniFind by injecting a malicious script into the 'command' parameter of the 'collection.do' endpoint. The script executes in the context of the affected site, potentially stealing cookies or performing other malicious actions.

Description

The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.

Exploits (1)

exploit-db · working PoC · verified
by Fatih Kilic · text · remote · multiple
https://www.exploit-db.com/exploits/35003

Classification
Working PoC 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: IBM OmniFind versions 8.5 and 9.0
No auth needed
Prerequisites: Access to the vulnerable IBM OmniFind web interface
MITRE ATT&CK
Analyzed by devstral-2 on Feb 18, 2026

References (4)

Core References
- Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/514688/100/0/threaded
- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/44740
- Vendor Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2010/2933

Scores

EPSS 0.0240
EPSS Percentile 81.9%

Details

CWE
CWE-264
Status published
Products (5)
ibm/omnifind 8.0
ibm/omnifind 8.4
ibm/omnifind 8.5
ibm/omnifind 9.0
ibm/omnifind 9.1
Published Nov 12, 2010
Tracked Since Feb 18, 2026