Description
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gjoko Krstic · textwebappsphp
https://www.exploit-db.com/exploits/36494
References (7)
Core 7
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51261
Exploit x_refsource_misc
http://packetstormsecurity.org/files/108355/ZSL-2012-5066.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/78093
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47444
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72113
Patch x_refsource_confirm
http://www.limny.org/releases/limny-3.0.2.7z
Exploit x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5066.php
Scores
EPSS
0.0946
EPSS Percentile
92.9%
Details
CWE
CWE-79
Status
published
Products (1)
limny/limny
3.0.1
Published
Oct 09, 2012
Tracked Since
Feb 18, 2026