CVE-2012-0932
Lead Capture Page System - Stored Cross-Site Scripting via Admin Login Message Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-0932. PoCs published by HashoR.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Lead Capture software, where user-supplied input is not properly sanitized. The example demonstrates how an attacker could inject arbitrary script code via the 'message' parameter in the login.php URL.
Description
Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in Lead Capture software, where user-supplied input is not properly sanitized. The example demonstrates how an attacker could inject arbitrary script code via the 'message' parameter in the login.php URL.