CVE-2012-1028
SimpleGroupware < 0.743 - Cross-Site Scripting via Export Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1028. PoCs published by Infoserve Security Team.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Simple Groupware 0.742 by injecting a malicious script via the 'export' parameter in the URL. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in Simple Groupware 0.742 by injecting a malicious script via the 'export' parameter in the URL. The lack of input sanitization allows arbitrary JavaScript execution in the context of the affected site.