CVE-2012-1470

ocPortal < 7.1.6 - Cross-Site Scripting via Code Editor Path or Line Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1470. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary The exploit demonstrates XSS and arbitrary file disclosure vulnerabilities in ocPortal by injecting malicious scripts and path traversal sequences. It leverages insufficient input sanitization to execute arbitrary JavaScript and access sensitive files.

Description

Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge · textwebappsphp
https://www.exploit-db.com/exploits/37022

The exploit demonstrates XSS and arbitrary file disclosure vulnerabilities in ocPortal by injecting malicious scripts and path traversal sequences. It leverages insufficient input sanitization to execute arbitrary JavaScript and access sensitive files.

Classification
Working Poc 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ocPortal versions prior to 7.1.6
No auth needed
Prerequisites: Access to the target application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://ocportal.com/site/news/view/ocportal-security-update.htm

Scores

EPSS 0.0168
EPSS Percentile 74.2%

Details

CWE
CWE-79
Status published
Products (35)
ocportal/ocportal 4.0
ocportal/ocportal 4.0.1
ocportal/ocportal 4.0.2
ocportal/ocportal 4.0.3
ocportal/ocportal 4.0.4
ocportal/ocportal 4.0.5
ocportal/ocportal 4.1
ocportal/ocportal 4.1.1
ocportal/ocportal 4.1.2
ocportal/ocportal 4.1.3
... and 25 more
Published Oct 01, 2012
Tracked Since Feb 18, 2026