CVE-2012-4336
flogr < 2.5.6 - Cross-Site Scripting via PATH_INFO or Arbitrary Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-4336. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Flogr 2.5.6 by injecting arbitrary JavaScript code via URL parameters. The PoC shows how an attacker can execute script code in the context of the affected site to steal cookie-based authentication credentials.
Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Flogr 2.5.6 by injecting arbitrary JavaScript code via URL parameters. The PoC shows how an attacker can execute script code in the context of the affected site to steal cookie-based authentication credentials.