Description
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by 10n1z3d · html · webapps · php
https://www.exploit-db.com/exploits/14342
References (4)
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/xss_vulnerability_in_grafik_cms.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1629
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/xss_vulnerability_in_grafik_cms_1.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512072/100/0/threaded
Scores
EPSS
0.0016
EPSS Percentile
36.9%
Details
CWE
CWE-79
Status
published
Products (2)
grafik-power/grafik_cms
1.1.1
grafik-power/grafik_cms
< 1.1.2
Published
Jul 02, 2010
Tracked Since
Feb 18, 2026