CVE-2012-5295
FuseTalk Forums < 3.2 - Cross-Site Scripting via login.cfm windowed Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-5295. PoCs published by sonyy.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in FuseTalk Forums 3.2 by injecting malicious JavaScript via the 'windowed' parameter in the login.cfm URL. The payload uses obfuscated 'alert' calls to bypass basic input filters.
Description
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in FuseTalk Forums 3.2 by injecting malicious JavaScript via the 'windowed' parameter in the login.cfm URL. The payload uses obfuscated 'alert' calls to bypass basic input filters.