CVE-2013-0807
gpEasy CMS < 3.5.2 - Cross-Site Scripting via Section Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-0807. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in gpEasy CMS by injecting a malicious script via the 'section' parameter in the URL. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies or performing other malicious actions.
Description
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in gpEasy CMS by injecting a malicious script via the 'section' parameter in the URL. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies or performing other malicious actions.