CVE-2011-1670
InTerra Blog Machine 1.84 - Cross-Site Scripting via Subject Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2011-1670. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This is a proof-of-concept for a stored XSS vulnerability in InTerra Blog Machine 1.84. The exploit demonstrates how arbitrary JavaScript can be executed by injecting a malicious script into the 'subject' parameter via a crafted form submission.
Description
Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
Exploits (2)
This is a proof-of-concept for a stored XSS vulnerability in InTerra Blog Machine 1.84. The exploit demonstrates how arbitrary JavaScript can be executed by injecting a malicious script into the 'subject' parameter via a crafted form submission.
This exploit demonstrates an HTML injection vulnerability in InTerra Blog Machine 1.84. It submits a malicious form with a script payload in the 'subject' field, which executes arbitrary JavaScript in the context of the affected site.