CVE-2010-5025
CuteSITE CMS 1.2.3 and 1.5.0 - Cross-Site Scripting via fld_path Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-5025. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The provided text describes an XSS vulnerability in CuteSITE CMS 1.5.0, where user-supplied input is not properly sanitized, allowing script injection. The example URL demonstrates a reflected XSS attack via the 'fld_path' parameter.
Description
Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fld_path parameter. NOTE: some of these details are obtained from third party information.
Exploits (1)
The provided text describes an XSS vulnerability in CuteSITE CMS 1.5.0, where user-supplied input is not properly sanitized, allowing script injection. The example URL demonstrates a reflected XSS attack via the 'fld_path' parameter.