CVE-2012-1782

OSQA 3b - Cross-Site Scripting via URL or Picture Bar

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1782. PoCs published by Ucha Gobejishvili.

AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in OSQA's CMS by injecting malicious HTML/JavaScript code into the URL or picture bar of the 'ask' page. The lack of proper sanitization allows arbitrary script execution in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ucha Gobejishvili · textwebappsphp

https://www.exploit-db.com/exploits/36886

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in OSQA's CMS by injecting malicious HTML/JavaScript code into the URL or picture bar of the 'ask' page. The lack of proper sanitization allows arbitrary script execution in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: OSQA 3b

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/52184

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-02/0164.html

Various Sources x_refsource_misc

http://www.vulnerability-lab.com/get_content.php?id=461

Scores

EPSS 0.0161

EPSS Percentile 72.8%

Details

CWE

CWE-79

Status published

Products (1)

osqa/osqa 3b

Published Mar 19, 2012

Tracked Since Feb 18, 2026