CVE-2012-0873
Boonex Dolphin < 7.0.8 - Cross-Site Scripting via Explanation or ViewFriends Parameters
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2012-0873. PoCs published by Aung Khant.
AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in Dolphin CMS by injecting malicious scripts via unsanitized URL parameters. The PoC includes crafted URLs that trigger arbitrary JavaScript execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
Exploits (2)
This exploit demonstrates multiple XSS vulnerabilities in Dolphin CMS by injecting malicious scripts via unsanitized URL parameters. The PoC includes crafted URLs that trigger arbitrary JavaScript execution in the context of the affected site.
This exploit demonstrates a reflected XSS vulnerability in Dolphin 7.0.7 and prior versions by injecting arbitrary JavaScript code via the 'explain' parameter in the 'explanation.php' file.