CVE-2012-6559
FreeNAC 3.02 - Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6559. PoCs published by blake.
AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in FreeNAC 3.02. It includes proof-of-concept requests for reflective and stored XSS, as well as a blind SQL injection via the 'status' parameter.
Description
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php.
Exploits (1)
This exploit demonstrates SQL injection and XSS vulnerabilities in FreeNAC 3.02. It includes proof-of-concept requests for reflective and stored XSS, as well as a blind SQL injection via the 'status' parameter.