CVE-2012-2436

Pligg CMS <1.2.2 - XSS


Description

Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move action or (2) a minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; the (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module.

Exploits (1)

Exploit-DB (working PoC, verified)
by High-Tech Bridge SA · type: text/webapps · platform: php
https://www.exploit-db.com/exploits/37311

References (13)

Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/53662
Third Party Advisory (Secunia): http://secunia.com/advisories/49257
Third Party Advisory, VDB Entry (X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/75834
Vendor Advisory (misc): https://www.htbridge.com/advisory/HTB23089
Vendor Advisory (misc): http://secunia.com/secunia_research/2012-18/
Third Party Advisory, VDB Entry (X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/75764
Vendor Advisory, Third Party Advisory (Secunia): http://secunia.com/advisories/45431
Third Party Advisory, VDB Entry (BID): http://www.securityfocus.com/bid/53625
Various Sources (confirm): http://forums.pligg.com/downloads.php?do=file&id=15

Scores

EPSS 0.0264
EPSS Percentile 85.9%

Details

CWE
CWE-79
Status published
Products (16)
pligg/pligg_cms
pligg/pligg_cms 1.0.0 (6 CPE variants)
pligg/pligg_cms 1.0.1
pligg/pligg_cms 1.0.2
pligg/pligg_cms 1.0.3
pligg/pligg_cms 1.0.4
pligg/pligg_cms 1.1.0
pligg/pligg_cms 1.1.2
pligg/pligg_cms 1.1.3
pligg/pligg_cms 1.1.4
... and 6 more
Published May 27, 2012
Tracked Since Feb 18, 2026