CVE-2012-6555
LatestComment 1.1 - Cross-Site Scripting via Discussion Title
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6555. PoCs published by Henry Hoggard.
AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in the Vanilla LatestComment plugin. By creating a thread with a malicious script in the title, the XSS payload executes when the thread is viewed on the forum index page.
Description
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
Exploits (1)
This exploit demonstrates a persistent XSS vulnerability in the Vanilla LatestComment plugin. By creating a thread with a malicious script in the title, the XSS payload executes when the thread is viewed on the forum index page.