CVE-2013-1410

MEDIUM

Perforce P4web 2011.1 and 2012.1 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1410. PoCs published by Christy Philip Mathew.

AI-analyzed exploit summary This exploit demonstrates multiple reflected XSS vulnerabilities in Perforce P4Web by injecting malicious JavaScript via URL parameters. The PoC uses crafted URLs with embedded script tags to trigger arbitrary code execution in the context of the affected site.

Description

Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Christy Philip Mathew · textwebappsjsp

https://www.exploit-db.com/exploits/38235

View Code ZIP pw:eip

This exploit demonstrates multiple reflected XSS vulnerabilities in Perforce P4Web by injecting malicious JavaScript via URL parameters. The PoC uses crafted URLs with embedded script tags to trigger arbitrary code execution in the context of the affected site.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Perforce P4Web versions 2011.1 and 2012.1

No auth needed

Prerequisites: Access to the target P4Web instance · User interaction to click malicious URLs

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.exploit-database.net/?id=59355

Third Party Advisory, VDB Entry x_refsource_misc

https://www.securityfocus.com/bid/57514/info

Scores

CVSS v3 6.1

EPSS 0.0150

EPSS Percentile 71.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

perforce/p4web 2011.1

perforce/p4web 2012.1

Published Feb 12, 2020

Tracked Since Feb 18, 2026