CVE-2012-2436
CVE-2012-2436
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/37311unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://forums.pligg.com/downloads.php?do=file&id=15http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/modules/admin_language/admin_language_main.php?r1=2442&r2=2441&pathrev=2442http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2441http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2452http://secunia.com/advisories/45431http://secunia.com/advisories/49257http://secunia.com/secunia_research/2012-18/https://exchange.xforce.ibmcloud.com/vulnerabilities/75764https://exchange.xforce.ibmcloud.com/vulnerabilities/75834https://www.htbridge.com/advisory/HTB23089http://www.securityfocus.com/bid/53625