CVE-2011-5040

Infoproject Biznis Heroj - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/18259

References (3)

Scores

EPSS 0.0178
EPSS Percentile 82.5%

Classification

CWE
CWE-79
Status published

Affected Products (2)

infoproject/biznis_heroj
n/a/n/a

Timeline

Published Dec 30, 2011
Tracked Since Feb 18, 2026