CVE-2012-6589
MYRE Business Directory - Cross-Site Scripting via Search Look Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6589. PoCs published by d3b4g.
AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in Myrephp Business Directory. The SQLi is parameter-based via the 'cat' parameter, while the XSS is reflected via the 'look' parameter with mouseover event injection.
Description
Cross-site scripting (XSS) vulnerability in search.php in MYRE Business Directory allows remote attackers to inject arbitrary web script or HTML via the look parameter.
Exploits (1)
This exploit demonstrates SQL injection and XSS vulnerabilities in Myrephp Business Directory. The SQLi is parameter-based via the 'cat' parameter, while the XSS is reflected via the 'look' parameter with mouseover event injection.