Description
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/37312
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/37313
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23090
Issue Tracking, Vendor Advisory x_refsource_misc
http://www.pragmamx.org/Forum-topic-33554.html
Vendor Advisory x_refsource_misc
http://www.pragmamx.org/News-pragmaMx-1.12-Servicepack2-item-706.html
Scores
CVSS v3
6.1
EPSS
0.0040
EPSS Percentile
60.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
pragmamx/pragmamx
1.0 - 1.12.2
Published
Feb 11, 2020
Tracked Since
Feb 18, 2026