CVE-2012-5295

FuseTalk Forums < 3.2 - Cross-Site Scripting via login.cfm windowed Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5295. PoCs published by sonyy.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in FuseTalk Forums 3.2 by injecting malicious JavaScript via the 'windowed' parameter in the login.cfm URL. The payload uses obfuscated 'alert' calls to bypass basic input filters.

Description

Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by sonyy · textwebappsphp
https://www.exploit-db.com/exploits/36485

This exploit demonstrates a reflected XSS vulnerability in FuseTalk Forums 3.2 by injecting malicious JavaScript via the 'windowed' parameter in the login.cfm URL. The payload uses obfuscated 'alert' calls to bypass basic input filters.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: FuseTalk Forums 3.2
No auth needed
Prerequisites: Victim must click a crafted URL
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40850
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51227
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72083
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026483

Scores

EPSS 0.0163
EPSS Percentile 73.4%

Details

CWE
CWE-79
Status published
Products (4)
fusetalk/fusetalk 3.0
fusetalk/fusetalk 3.1
fusetalk/fusetalk < 3.2
fusetalk./fusetalk 2.0
Published Oct 04, 2012
Tracked Since Feb 18, 2026