Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-4877. PoCs published by anT!-Tr0J4n.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in OneCMS 2.6.1 by injecting arbitrary JavaScript code via the 'view' parameter in the URL. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.
Description
Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in OneCMS 2.6.1 by injecting arbitrary JavaScript code via the 'view' parameter in the URL. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.