CVE-2012-2913
Leaflet Maps Marker Plugin 0.0.1 - Cross-Site Scripting via id Parameter
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2012-2913. PoCs published by Heine Pedersen.
AI-analyzed exploit summary The exploit describes a reflected XSS vulnerability in the Leaflet plugin for WordPress due to improper input sanitization. The provided URL demonstrates the injection of arbitrary JavaScript code via the 'id' parameter.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
Exploits (2)
The exploit describes a reflected XSS vulnerability in the Leaflet plugin for WordPress due to improper input sanitization. The provided URL demonstrates the injection of arbitrary JavaScript code via the 'id' parameter.
This exploit demonstrates a reflected XSS vulnerability in the Leaflet WordPress plugin by injecting arbitrary JavaScript via the 'id' parameter in the admin interface. The PoC URL triggers an alert dialog, proving the lack of input sanitization.