CVE-2010-4513

Zimplit Cms < 3.0 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/35063

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/35064

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Yashar shahinzadeh · textwebappsphp

https://www.exploit-db.com/exploits/28272

View Code ZIP pw:eip

References (7)

[Exploit] http://marc.info/?l=bugtraq&m=129182251500541&w=2

[Exploit] http://packetstormsecurity.org/files/view/96466/zimplit-xss.txt

[Vendor Advisory] http://secunia.com/advisories/41629

[Exploit] http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms.html

[Exploit] http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms_1.html

[Exploit] http://www.securityfocus.com/bid/45252

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/515078/100/0/threaded

Scores

EPSS 0.0116

EPSS Percentile 78.4%

Classification

CWE

CWE-79

Status published

Affected Products (2)

zimplit/zimplit_cms < 3.0

n/a/n/a

Timeline

Published Dec 09, 2010

Tracked Since Feb 18, 2026