CVE-2012-6556
FirstLastNames 1.1.1 - Cross-Site Scripting via User FirstName or LastName Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6556. PoCs published by Henry Hoggard.
AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in the Vanilla FirstLastNames plugin version 1.3.2. The exploit involves injecting a malicious script into the first or last name field of a user profile, which executes when another user visits the profile page.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.
Exploits (1)
This is a writeup describing a persistent XSS vulnerability in the Vanilla FirstLastNames plugin version 1.3.2. The exploit involves injecting a malicious script into the first or last name field of a user profile, which executes when another user visits the profile page.