CVE-2012-1470
ocPortal < 7.1.6 - Cross-Site Scripting via Code Editor Path or Line Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1470. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary The exploit demonstrates XSS and arbitrary file disclosure vulnerabilities in ocPortal by injecting malicious scripts and path traversal sequences. It leverages insufficient input sanitization to execute arbitrary JavaScript and access sensitive files.
Description
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
Exploits (1)
The exploit demonstrates XSS and arbitrary file disclosure vulnerabilities in ocPortal by injecting malicious scripts and path traversal sequences. It leverages insufficient input sanitization to execute arbitrary JavaScript and access sensitive files.