CVE-2012-3232
web@all 2.0 - Cross-Site Scripting via _text[title] Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-3232. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) and cross-site request-forgery (CSRF) vulnerability in 'web@all' software. It includes a proof-of-concept URL demonstrating the XSS vulnerability by injecting a script tag to execute arbitrary JavaScript code.
Description
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.
Exploits (1)
The provided text describes a cross-site scripting (XSS) and cross-site request-forgery (CSRF) vulnerability in 'web@all' software. It includes a proof-of-concept URL demonstrating the XSS vulnerability by injecting a script tag to execute arbitrary JavaScript code.