CVE-2010-4909
PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2010-4909. PoCs published by Valentin Hoebel.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Mechanical Bunny Media PaysiteReviewCMS 1.1, where user-supplied input is not properly sanitized. The vulnerability can be exploited via the 'q' parameter in the search.php file.
Description
Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.
Exploits (2)
The provided text describes a cross-site scripting (XSS) vulnerability in Mechanical Bunny Media PaysiteReviewCMS 1.1, where user-supplied input is not properly sanitized. The vulnerability can be exploited via the 'q' parameter in the search.php file.
The provided text describes a cross-site scripting (XSS) vulnerability in Mechanical Bunny Media PaysiteReviewCMS 1.1, where user-supplied input is not properly sanitized. The vulnerability can be exploited via the 'image' parameter in the 'image.php' file.