CVE-2012-3836
Baby Gekko < 1.2.0 - Cross-Site Scripting via Multiple Input Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-3836. PoCs published by LiquidWorm.
AI-analyzed exploit summary This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Baby Gekko CMS v1.1.5c. It includes HTTP requests with malicious payloads injected into various parameters, proving the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.
Exploits (1)
This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Baby Gekko CMS v1.1.5c. It includes HTTP requests with malicious payloads injected into various parameters, proving the vulnerability.