CVE-2012-4745
Acuity CMS 2.6.2 - Cross-Site Scripting via UserName Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-4745. PoCs published by Aung Khant.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Acuity CMS by injecting a JavaScript payload via the UserName parameter in the login page. The lack of input sanitization allows arbitrary script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in Acuity CMS by injecting a JavaScript payload via the UserName parameter in the login page. The lack of input sanitization allows arbitrary script execution in the context of the affected site.