CVE-2012-3836

Baby Gekko < 1.2.0 - Cross-Site Scripting via Multiple Input Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3836. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Baby Gekko CMS v1.1.5c. It includes HTTP requests with malicious payloads injected into various parameters, proving the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/18827

This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Baby Gekko CMS v1.1.5c. It includes HTTP requests with malicious payloads injected into various parameters, proving the vulnerability.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Baby Gekko CMS v1.1.5c
Auth required
Prerequisites: Access to authenticated sessions · Ability to submit crafted HTTP requests
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18827
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49023
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53366

Scores

EPSS 0.0163
EPSS Percentile 73.5%

Details

CWE
CWE-79
Status published
Products (12)
babygekko/baby_gekko 0.90
babygekko/baby_gekko 0.91
babygekko/baby_gekko 0.98 alpha
babygekko/baby_gekko 0.99 beta
babygekko/baby_gekko 1.0.0
babygekko/baby_gekko 1.0.1
babygekko/baby_gekko 1.1.0
babygekko/baby_gekko 1.1.1
babygekko/baby_gekko 1.1.2
babygekko/baby_gekko 1.1.3
... and 2 more
Published Jul 03, 2012
Tracked Since Feb 18, 2026