CVE-2012-3232

web@all 2.0 - Cross-Site Scripting via _text[title] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3232. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) and cross-site request-forgery (CSRF) vulnerability in 'web@all' software. It includes a proof-of-concept URL demonstrating the XSS vulnerability by injecting a script tag to execute arbitrary JavaScript code.

Description

Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by High-Tech Bridge · textwebappsphp
https://www.exploit-db.com/exploits/37435

The provided text describes a cross-site scripting (XSS) and cross-site request-forgery (CSRF) vulnerability in 'web@all' software. It includes a proof-of-concept URL demonstrating the XSS vulnerability by injecting a script tag to execute arbitrary JavaScript code.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: web@all
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54109

Scores

EPSS 0.0130
EPSS Percentile 67.0%

Details

CWE
CWE-79
Status published
Products (1)
webatall/web\@all 2.0
Published Jun 29, 2012
Tracked Since Feb 18, 2026