CVE-2014-1944
ilch_cms < 2.0 - Cross-Site Scripting via Guestbook Text Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-1944. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary: This advisory details a Cross-Site Scripting (XSS) vulnerability in Ilch CMS 2.0, where insufficient sanitization of the 'text' HTTP POST parameter allows arbitrary script execution. The exploit example demonstrates injecting a JavaScript alert via a crafted POST request to the guestbook endpoint.
Description
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.