CVE-2010-5018

2daybiz Online Classified Script - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sid3^effects · textwebappsphp

https://www.exploit-db.com/exploits/13894

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.org/1006-exploits/2daybizocs-sqlxss.txt

[Vendor Advisory] http://secunia.com/advisories/40213

[Exploit] http://www.exploit-db.com/exploits/13894

[Exploit] http://www.securityfocus.com/bid/40890

Scores

EPSS 0.0339

EPSS Percentile 87.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

2daybiz/online_classified_script

Timeline

Published Nov 02, 2011

Tracked Since Feb 18, 2026