CVE-2012-4871

LiteSpeed Web Server 4.1.11 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by K1P0D · textremotemultiple

https://www.exploit-db.com/exploits/37947

View Code ZIP pw:eip

References (4)

[Exploit, URL Repurposed] http://k1p0d.com/?p=25

[Exploit] http://packetstormsecurity.org/files/110974/LiteSpeed-4.1.11-Cross-Site-Scripting.html

[Vendor Advisory] http://secunia.com/advisories/48400

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74144

Scores

EPSS 0.0572

EPSS Percentile 90.3%

Classification

CWE

CWE-79

Status published

Affected Products (2)

litespeedtech/litespeed_web_server

n/a/n/a

Timeline

Published Sep 06, 2012

Tracked Since Feb 18, 2026