CVE-2013-3639
Xaraya < 2.4.0 - Cross-Site Scripting via id/interface/name/tabmodule Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-3639. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary This exploit demonstrates multiple reflected XSS vulnerabilities in Xaraya 2.4.0-b1 by injecting malicious scripts into various URL parameters, leading to arbitrary JavaScript execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
Exploits (1)
This exploit demonstrates multiple reflected XSS vulnerabilities in Xaraya 2.4.0-b1 by injecting malicious scripts into various URL parameters, leading to arbitrary JavaScript execution in the context of the affected site.