CVE-2012-2570

X-Cart Gold 4.5 - Cross-Site Scripting via products_map.php symb Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2570. PoCs published by muts, Am!r.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in X-Cart Gold 4.5 via the 'symb' parameter in 'products_map.php'. The payload bypasses incomplete XSS filtering using URL encoding and HTML anchor methods.

Description

Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by muts · textwebappsphp
https://www.exploit-db.com/exploits/20010

This exploit demonstrates a cross-site scripting (XSS) vulnerability in X-Cart Gold 4.5 via the 'symb' parameter in 'products_map.php'. The payload bypasses incomplete XSS filtering using URL encoding and HTML anchor methods.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: X-Cart Gold 4.5
No auth needed
Prerequisites: access to the vulnerable endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Am!r · textwebappsphp
https://www.exploit-db.com/exploits/37522

This is a vulnerability writeup describing an arbitrary file upload vulnerability in the chenpress plugin for WordPress. The issue arises due to insufficient input sanitization, allowing attackers to upload and execute arbitrary code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: chenpress plugin for WordPress
No auth needed
Prerequisites: Access to the vulnerable endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/84115
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77146
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50006
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54628
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20010

Scores

EPSS 0.0166
EPSS Percentile 73.9%

Details

CWE
CWE-79
Status published
Products (1)
qualiteam/x-cart 4.5
Published Aug 15, 2012
Tracked Since Feb 18, 2026