CVE-2012-2452

MEDIUM

pragmaMx 1.0-1.12.1 - Cross-Site Scripting via Name Parameter or Image URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2452. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in PragmaMX 1.12.1, where user-supplied input is not properly sanitized. The example URL demonstrates a reflected XSS attack via the 'Themetest' module.

Description

Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/37312

The provided text describes a cross-site scripting (XSS) vulnerability in PragmaMX 1.12.1, where user-supplied input is not properly sanitized. The example URL demonstrates a reflected XSS attack via the 'Themetest' module.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PragmaMX 1.12.1
No auth needed
Prerequisites: Access to a vulnerable PragmaMX installation · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/37313

This exploit demonstrates a cross-site scripting (XSS) vulnerability in PragmaMX by injecting arbitrary JavaScript code via the 'img_url' parameter in the img_popup.php file. The PoC uses a simple alert to display the user's cookies, proving the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PragmaMX 1.12.1
No auth needed
Prerequisites: Access to the vulnerable endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23090
Issue Tracking, Vendor Advisory x_refsource_misc
http://www.pragmamx.org/Forum-topic-33554.html

Scores

CVSS v3 6.1
EPSS 0.0170
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
pragmamx/pragmamx 1.0 - 1.12.2
Published Feb 11, 2020
Tracked Since Feb 18, 2026