CVE-2012-2156
Plume CMS <= 1.2.4 - Cross-Site Scripting via User Email, Name, or Comment Author Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2156. PoCs published by Ivano Binetti.
AI-analyzed exploit summary This is a detailed writeup describing multiple persistent XSS vulnerabilities in PlumeCMS <= 1.2.4. It explains how improper input sanitization in parameters like 'u_email', 'u_realname', and 'c_author' can be exploited to inject malicious scripts.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
Exploits (1)
This is a detailed writeup describing multiple persistent XSS vulnerabilities in PlumeCMS <= 1.2.4. It explains how improper input sanitization in parameters like 'u_email', 'u_realname', and 'c_author' can be exploited to inject malicious scripts.