Description
Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by anT!-Tr0J4n · textwebappsphp
https://www.exploit-db.com/exploits/34563
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8432
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/42949
Exploit x_refsource_misc
http://packetstormsecurity.org/1009-exploits/onecms-xss.txt
Scores
EPSS
0.0131
EPSS Percentile
80.0%
Details
CWE
CWE-79
Status
published
Products (1)
insanevisions/onecms
2.6.1
Published
Oct 07, 2011
Tracked Since
Feb 18, 2026