CVE-2012-6622
ForumPress < 1.7.4 - Cross-Site Scripting via groupid or usergroup_id Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-6622. PoCs published by Heine Pedersen.
AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in the WP Forum Server plugin for WordPress. It includes proof-of-concept URLs that exploit unsanitized user input in the 'groupid' and 'usergroup_id' parameters.
Description
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.
Exploits (1)
The exploit demonstrates SQL injection and XSS vulnerabilities in the WP Forum Server plugin for WordPress. It includes proof-of-concept URLs that exploit unsanitized user input in the 'groupid' and 'usergroup_id' parameters.