CVE-2012-2371
NUCLEIWP-FaceThumb 0.1 - Cross-Site Scripting via Pagination Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2371. PoCs published by d3v1l. A Nuclei detection template is also available.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in WP-FaceThumb 0.1 by injecting malicious JavaScript via the 'pagination_wp_facethumb' parameter. The PoC uses an img tag with an onerror handler to execute arbitrary JavaScript, such as stealing cookies.
Description
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in WP-FaceThumb 0.1 by injecting malicious JavaScript via the 'pagination_wp_facethumb' parameter. The PoC uses an img tag with an onerror handler to execute arbitrary JavaScript, such as stealing cookies.