CVE-2011-1668

AR Web Content Manager <2.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Antu Sanadi · textwebappsphp

https://www.exploit-db.com/exploits/35555

View Code ZIP pw:eip

References (5)

[Exploit] http://secpod.org/advisories/SECPOD_AWCM_XSS.txt

[Exploit] http://www.securityfocus.com/bid/47126

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66536

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/517294/100/0/threaded

[Third Party Advisory] http://securityreason.com/securityalert/8193

Scores

EPSS 0.0404

EPSS Percentile 88.4%

Classification

CWE

CWE-79

Status published

Affected Products (3)

awcm-cms/ar_web_content_manager

n/a/n/a

Timeline

Published Apr 10, 2011

Tracked Since Feb 18, 2026