CVE-2012-0900

Beehive Forum 1.0.1 - Cross-Site Scripting via PATH_INFO to forum/register.php or forum/logon.php

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0900. PoCs published by Stefan Schurtz.

AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in Beehive Forum 101 due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Stefan Schurtz · textwebappsphp
https://www.exploit-db.com/exploits/36566

The provided text describes multiple XSS vulnerabilities in Beehive Forum 101 due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Beehive Forum 101
No auth needed
Prerequisites: Access to the target forum's register.php or logon.php pages
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72411
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47595
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51424
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0103.html

Scores

EPSS 0.0161
EPSS Percentile 73.1%

Details

CWE
CWE-79
Status published
Products (1)
beehive_forum/beehive_forum 1.0.1
Published Jan 20, 2012
Tracked Since Feb 18, 2026