CVE-2010-4874
NinkoBB 1.3 RC5 - Cross-Site Scripting via User Profile Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-4874. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This is a working proof-of-concept for a stored XSS vulnerability in NinkoBB 1.3RC5. The exploit demonstrates how arbitrary JavaScript can be executed via unsanitized input in the 'first_name', 'last_name', 'msn', and 'aim' parameters in the 'users.php' script.
Description
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.
Exploits (1)
This is a working proof-of-concept for a stored XSS vulnerability in NinkoBB 1.3RC5. The exploit demonstrates how arbitrary JavaScript can be executed via unsanitized input in the 'first_name', 'last_name', 'msn', and 'aim' parameters in the 'users.php' script.