CVE-2012-3837
Baby Gekko < 1.2.0 - Cross-Site Scripting via Registration Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-3837. PoCs published by LiquidWorm.
AI-analyzed exploit summary This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Baby Gekko CMS v1.1.5c. It includes HTTP requests with malicious payloads injected into various parameters, proving the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information.
Exploits (1)
This exploit demonstrates multiple stored and reflected XSS vulnerabilities in Baby Gekko CMS v1.1.5c. It includes HTTP requests with malicious payloads injected into various parameters, proving the vulnerability.