CVE-2012-3232

web@all <2.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by High-Tech Bridge · textwebappsphp

https://www.exploit-db.com/exploits/37435

View Code ZIP pw:eip

References (2)

[Exploit] http://www.securityfocus.com/bid/54109

[Exploit] https://www.htbridge.com/advisory/HTB23094

Scores

EPSS 0.0029

EPSS Percentile 52.2%

Classification

CWE

CWE-79

Status published

Affected Products (2)

webatall/web\@all

n/a/n/a

Timeline

Published Jun 29, 2012

Tracked Since Feb 18, 2026