CVE-2010-4783

PHP Web Scripts Easy Banner Free 2009.05.18 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/35017

View Code ZIP pw:eip

References (6)

[Exploit] http://evuln.com/vulns/148/summary.html

[Exploit] http://packetstormsecurity.org/files/view/96154/easybannerfree-xss.txt

[Vendor Advisory] http://secunia.com/advisories/42316

[Exploit] http://www.securityfocus.com/bid/45066

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/514905/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/69510

Scores

EPSS 0.0409

EPSS Percentile 88.4%

Classification

CWE

CWE-79

Status published

Affected Products (2)

phpwebscripts/easy_banner_free

n/a/n/a

Timeline

Published Apr 07, 2011

Tracked Since Feb 18, 2026