CVE-2017-7998

MEDIUM

gespage < 7.4.9 - Stored Cross-Site Scripting via Printer Name or Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-7998. PoCs published by tnpitsecurity, homjxi0e.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp.

Exploits (2)

github WORKING POC 4 stars
by tnpitsecurity · poc
https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2017-7998

The repository contains a functional Python script and detailed instructions for exploiting an SQL injection vulnerability in Gespage, allowing attackers to reset the admin password and gain unauthorized access. The PoC includes curl commands for detection and a script for exploitation.

Classification: Working Poc 100%
Attack Type: Sqli
Complexity: Moderate
Reliability: Reliable
Target: Gespage versions up to 7.4.8
Auth required
Prerequisites: Authenticated user session (JSESSIONID cookie) · Access to vulnerable Gespage web interface
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC
by homjxi0e · poc
https://github.com/homjxi0e/CVE-2017-7998

This PoC exploits CVE-2017-7998 by modifying the .bashrc file to execute a denial-of-service (DoS) attack. It creates and executes scripts to remove the .bashrc file, effectively disrupting the user's shell environment.

Classification: Working Poc 80%
Attack Type: Dos
Complexity: Trivial
Reliability: Reliable
Target: Linux systems with bash shell
Auth required
Prerequisites: Access to the target user's home directory · Write permissions to modify .bashrc
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jan/13

Scores

CVSS v3 6.1
EPSS 0.0203
EPSS Percentile 78.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): gespage/gespage < 7.4.9
Published: Jan 08, 2018
Tracked Since: Feb 18, 2026