CVE-2010-4895

chillyCMS 1.1.3 - Cross-Site Scripting via Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4895. PoCs published by AmnPardaz.

AI-analyzed exploit summary This is a vulnerability writeup describing SQL injection and reflective XSS vulnerabilities in chillyCMS version 1.1.3. It includes proof-of-concept vectors for both vulnerabilities but does not contain executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by AmnPardaz · textwebappsphp

https://www.exploit-db.com/exploits/14897

View Code ZIP pw:eip

This is a vulnerability writeup describing SQL injection and reflective XSS vulnerabilities in chillyCMS version 1.1.3. It includes proof-of-concept vectors for both vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: chillyCMS 1.1.3

No auth needed

Prerequisites: access to the login page of the target application

MITRE ATT&CK