CVE-2012-1005

Sphinx Software Mobile Web Server 3.1.2.47 - XSS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1005. PoCs published by SecPod Research.

AI-analyzed exploit summary: This is a writeup detailing persistent XSS vulnerabilities in Sphinx Mobile Web Server. It includes PoC URLs demonstrating how arbitrary script code can be injected via the 'comment' parameter in specific blog pages.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt.

Exploits (1)

exploitdb WRITEUP VERIFIED
by SecPod Research · text · webapps · windows
https://www.exploit-db.com/exploits/18451

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sphinx Mobile Web Server U3 3.1.2.47
No auth needed
Prerequisites: Access to the vulnerable blog pages
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Various Sources x_refsource_misc
http://secpod.org/blog/?p=453
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72913
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51820
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47876

Scores

EPSS 0.0162
EPSS Percentile 73.0%

Details

CWE CWE-79
Status published
Products (1)
sphinx-soft/mobile_web_server 3.1.2.47
Published Feb 07, 2012
Tracked Since Feb 18, 2026