CVE-2012-6622
Vasthtml Forumpress < 1.7.4 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Heine Pedersen · textwebappsphp
https://www.exploit-db.com/exploits/37195
References (5)
Scores
EPSS
0.0409
EPSS Percentile
88.5%
Details
CWE
CWE-79
Status
published
Products (23)
vasthtml/forumpress
< 1.7.4
vasthtml/forumpress
vasthtml/forumpress
vasthtml/forumpress
vasthtml/forumpress
vasthtml/forumpress
vasthtml/forumpress
vasthtml/forumpress
vasthtml/forumpress
vasthtml/forumpress
... and 13 more
Published
Jan 16, 2014
Tracked Since
Feb 18, 2026