CVE-2012-6430
Open Solution Quick.Cms 5.0 and Quick.Cart 6.0 - Cross-Site Scripting via PATH_INFO to admin.php
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6430. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in Quick.Cms and Quick.Cart by injecting a malicious script via the URL path. The payload executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies.
Description
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in Quick.Cms and Quick.Cart by injecting a malicious script via the URL path. The payload executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies.