CVE-2012-1898

Wolf CMS < 0.75 - Cross-Site Scripting via User Add Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1898. PoCs published by Ivano Binetti.

AI-analyzed exploit summary The exploit demonstrates multiple CSRF and XSS vulnerabilities in WolfCMS <= 0.75, including deletion of admin/users, pages, directories, and forced logout via crafted HTML forms. XSS is achievable through unsanitized input in user fields.

Description

Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters.

Exploits (1)

exploitdb WORKING POC
by Ivano Binetti · textwebappsphp
https://www.exploit-db.com/exploits/18652

The exploit demonstrates multiple CSRF and XSS vulnerabilities in WolfCMS <= 0.75, including deletion of admin/users, pages, directories, and forced logout via crafted HTML forms. XSS is achievable through unsanitized input in user fields.

Classification
Working Poc 100%
Attack Type
Xss | Csrf
Complexity
Trivial
Reliability
Reliable
Target: WolfCMS <= 0.75
Auth required
Prerequisites: Authenticated admin/user session · Victim interaction (browsing crafted page)
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

EPSS 0.0162
EPSS Percentile 73.3%

Details

CWE
CWE-79
Status published
Products (1)
ivano_binetti/wolf_cms < 0.75
Published Oct 01, 2012
Tracked Since Feb 18, 2026