CVE-2012-1597
ezjscore < 1.4 - Cross-Site Scripting via textEncode Function
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-1597. PoCs published by Yann MICHARD.
AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in eZ Publish 4.6 by injecting malicious JavaScript via an unsanitized URL parameter. The PoC uses an `<img>` tag with an `onerror` event to trigger arbitrary script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.