CVE-2010-4909

PaysiteReviewCMS 1.1 - Cross-Site Scripting via Search or Image Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4909. PoCs published by Valentin Hoebel.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Mechanical Bunny Media PaysiteReviewCMS 1.1, where user-supplied input is not properly sanitized. The vulnerability can be exploited via the 'q' parameter in the search.php file.

Description

Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Valentin Hoebel · textwebappsphp
https://www.exploit-db.com/exploits/34619

The provided text describes a cross-site scripting (XSS) vulnerability in Mechanical Bunny Media PaysiteReviewCMS 1.1, where user-supplied input is not properly sanitized. The vulnerability can be exploited via the 'q' parameter in the search.php file.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Mechanical Bunny Media PaysiteReviewCMS 1.1
No auth needed
Prerequisites: Access to the vulnerable search.php endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Valentin Hoebel · textwebappsphp
https://www.exploit-db.com/exploits/34620

The provided text describes a cross-site scripting (XSS) vulnerability in Mechanical Bunny Media PaysiteReviewCMS 1.1, where user-supplied input is not properly sanitized. The vulnerability can be exploited via the 'image' parameter in the 'image.php' file.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Mechanical Bunny Media PaysiteReviewCMS 1.1
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8444
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41431

Scores

EPSS 0.0151
EPSS Percentile 71.5%

Details

CWE
CWE-79
Status published
Products (1)
mechbunny/paysitereviewcms 1.1
Published Oct 08, 2011
Tracked Since Feb 18, 2026