CVE-2012-6608

elastix 2.3.0 - Cross-Site Scripting via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6608. PoCs published by cheki.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Elastix 2.3.0 by crafting a malicious URL that injects arbitrary JavaScript code via the 'Page' parameter in E_book.php. The PoC includes a Python script to send a phishing email containing the malicious link.

Description

Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cheki · pythonwebappsphp

https://www.exploit-db.com/exploits/38078

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Elastix 2.3.0 by crafting a malicious URL that injects arbitrary JavaScript code via the 'Page' parameter in E_book.php. The PoC includes a Python script to send a phishing email containing the malicious link.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Elastix 2.3.0

No auth needed

Prerequisites: Target must visit the crafted URL · Target must be using a vulnerable version of Elastix

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55739

Exploit x_refsource_misc

http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html

Scores

EPSS 0.0255

EPSS Percentile 83.0%

Details

CWE

CWE-79

Status published

Products (1)

elastix/elastix 2.3.0

Published Nov 25, 2013

Tracked Since Feb 18, 2026