CVE-2012-1898
Wolf CMS < 0.75 - Cross-Site Scripting via User Add Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1898. PoCs published by Ivano Binetti.
AI-analyzed exploit summary The exploit demonstrates multiple CSRF and XSS vulnerabilities in WolfCMS <= 0.75, including deletion of admin/users, pages, directories, and forced logout via crafted HTML forms. XSS is achievable through unsanitized input in user fields.
Description
Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters.
Exploits (1)
The exploit demonstrates multiple CSRF and XSS vulnerabilities in WolfCMS <= 0.75, including deletion of admin/users, pages, directories, and forced logout via crafted HTML forms. XSS is achievable through unsanitized input in user fields.