CVE-2012-4384

MEDIUM

LetoDMS < 3.3.11 - Reflected and Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-4384.

AI-analyzed exploit summary: The exploit demonstrates multiple XSS (reflected and stored) and CSRF vulnerabilities in LetoDMS 3.3.6. It includes specific payloads and steps to reproduce the issues, such as injecting scripts into user input fields and crafting CSRF forms to change passwords. Note that this CVE (CWE-79) covers only the XSS issues; the CSRF finding in the same PoC is not part of the CVE record.

Description

LetoDMS has multiple XSS issues: reflected XSS in the login page, stored XSS in the document owner/user name, and stored XSS in the calendar.
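The sinks named above (a login-page parameter echoed back, and a stored user name or calendar entry rendered into a page) are all confirmed or shown fixed the same way: send a unique probe and see whether it comes back raw, entity-encoded, or not at all. The following is an added example, not LetoDMS code and not the exploit-db PoC; the URL, the parameter name `next` and both server stand-ins are constructed for the example, and the real parameter names come from the exploit-db entry, not from here.

```python
"""Added example (not LetoDMS code, not the exploit-db PoC): classify how an
application reflects a probe into HTML, to confirm a reflected XSS such as the
login-page issue or a stored one such as the user-name / calendar sinks, and to
verify the fix. URL, parameter name and both server responses are constructed."""
import html
import re
import secrets
from typing import Callable

# Entity forms emitted by the common encoders: Python html.escape(quote=True)
# writes &#x27; for the apostrophe, PHP htmlspecialchars(..., ENT_QUOTES) writes
# &#039;. A reflection matching this pattern neutralised every breakout char.
_ESCAPED_PROBE = re.compile(
    r"(?:&quot;|&#34;)(?:&#x27;|&#039;|&#39;|&apos;)&lt;(?P<m>[a-z0-9]+)&gt;"
)


def make_probe() -> tuple[str, str]:
    """Return (marker, probe).

    The marker is random so a reflection left over from an earlier request, or
    a stored value written by someone else, cannot be mistaken for ours. The
    probe wraps it in the four characters an injection needs to break out of
    HTML text and attribute context.
    """
    marker = "xss" + secrets.token_hex(4)
    return marker, f'"\'<{marker}>'


def classify_reflection(body: str, marker: str, probe: str) -> str:
    """Classify how `probe` came back in `body`.

    raw      - probe present verbatim: no output encoding at this sink,
               script injection is possible.
    escaped  - every reflection of the marker has all breakout characters
               entity-encoded (the fixed behaviour).
    partial  - marker reflected, but at least one breakout character
               survived somewhere, e.g. brackets encoded but quotes not:
               still exploitable inside an attribute value.
    absent   - marker not reflected at all.
    """
    if probe in body:
        return "raw"
    total = body.count(marker)
    if total == 0:
        return "absent"
    escaped = sum(1 for m in _ESCAPED_PROBE.finditer(body) if m.group("m") == marker)
    return "escaped" if escaped == total else "partial"


def check_sink(fetch: Callable[[str, dict[str, str]], str], url: str, param: str) -> str:
    """Send one probe through `param` and classify the response.

    `fetch` is whatever issues the request (requests.get, a session already
    logged in for the stored sinks, or the fakes below) and returns the HTML
    of the page where the submitted value is rendered.
    """
    marker, probe = make_probe()
    return classify_reflection(fetch(url, {param: probe}), marker, probe)


# Constructed stand-ins for a login page; the parameter name "next" is hypothetical.

def vulnerable_fetch(url: str, params: dict[str, str]) -> str:
    """Echoes the parameter into a hidden input with no encoding at all."""
    return f'<form action="{url}"><input type="hidden" name="next" value="{params["next"]}"></form>'


def hardened_fetch(url: str, params: dict[str, str]) -> str:
    """Same page with the value HTML-encoded, quotes included."""
    value = html.escape(params["next"], quote=True)
    return f'<form action="{url}"><input type="hidden" name="next" value="{value}"></form>'


if __name__ == "__main__":
    for name, fetch in (("vulnerable", vulnerable_fetch), ("hardened", hardened_fetch)):
        print(name, "->", check_sink(fetch, "http://dms.example/login", "next"))
```

For the stored sinks the same `check_sink` applies, with `fetch` being an authenticated session that writes the value (user name, calendar event) and then returns the page where it is displayed; the random marker is what makes that round trip attributable to the current test.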

Exploits (1)

exploitdb · WORKING POC
webapps / php
https://www.exploit-db.com/exploits/20759

Classification
Working PoC 95%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: LetoDMS 3.3.6
No auth needed for the reflected login-page XSS; the stored variants (document owner/user name, calendar) require an account able to set those values
Prerequisites: Access to the LetoDMS web interface
devstral-2 · analyzed Feb 19, 2026

References (2)

http://www.openwall.com/lists/oss-security/2012/08/31/19 (exploit, mailing list, third-party advisory)
https://security-tracker.debian.org/tracker/CVE-2012-4384 (Debian security tracker, vendor advisory)

Scores

CVSS v3.1 6.1 (MEDIUM)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector NETWORK
EPSS 0.0155 (1.55%)
EPSS Percentile 71.9%

Details

CWE
CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. cross-site scripting)
Status published
Products (2)
debian/debian_linux 8.0
trilexnet/letodms < 3.3.11
Published Nov 13, 2019
Tracked Since Feb 18, 2026