← back
CVE-2012-6510

CVE-2012-6510

EPSS 1.6%
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.org/files/112226/Car-Portal-CMS-3.0-CSRF-XSS-Shell-Upload.htmlunverifiedexploitdbwww.exploit-db.com/exploits/18801unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.org/files/112226/Car-Portal-CMS-3.0-CSRF-XSS-Shell-Upload.htmlhttp://www.securityfocus.com/bid/53267http://www.vulnerability-lab.com/get_content.php?id=502