CVE-2011-4836

HomeSeer HS2 2.5.0.20 - Cross-Site Scripting via Crafted URI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4836. PoCs published by Silent Dream.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in the HomeSeer HS2 web interface, including HTML injection, CSRF, and directory traversal, but does not contain actual exploit code. It references CVE-2011-4836 and provides a basic example of an XSS payload.

Description

Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Silent Dream · text · remote · hardware
https://www.exploit-db.com/exploits/36429

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: HomeSeer HS2 2.5.0.20
No auth needed
Prerequisites: Access to the vulnerable web interface
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/796883

Scores

EPSS 0.0168
EPSS Percentile 73.8%

Details

CWE: CWE-79
Status: published
Products (1): homeseer/homeseer_hs2 2.5.0.20
Published: Dec 15, 2011
Tracked Since: Feb 18, 2026