CVE-2012-1979
SyndeoCMS < 3.0.01 - Authenticated Stored Cross-Site Scripting via Email Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1979. PoCs published by Ivano Binetti.
AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in SyndeoCMS <= 3.0.01. The exploit involves injecting malicious JavaScript into the 'email' parameter, which is executed when another user views the profile.
Description
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
Exploits (1)
This is a writeup describing a persistent XSS vulnerability in SyndeoCMS <= 3.0.01. The exploit involves injecting malicious JavaScript into the 'email' parameter, which is executed when another user views the profile.