CVE-2013-1466

glFusion < 1.2.2.pl4 - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1466. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates multiple reflected XSS vulnerabilities in glFusion 1.2.2 via crafted POST parameters in various scripts. It uses JavaScript to submit forms with malicious payloads, bypassing the 'bad_behaviour' plugin by modifying HTTP Referer headers.

Description

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.

Exploits (1)

exploitdb WORKING POC
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/24536

The exploit demonstrates multiple reflected XSS vulnerabilities in glFusion 1.2.2 via crafted POST parameters in various scripts. It uses JavaScript to submit forms with malicious payloads, bypassing the 'bad_behaviour' plugin by modifying HTTP Referer headers.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: glFusion 1.2.2 and prior
No auth needed
Prerequisites: Victim must be tricked into opening a crafted link · Target must have vulnerable glFusion version
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24536
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52255
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23142
Patch, Vendor Advisory x_refsource_confirm
http://www.glfusion.org/article.php/glf122_update_20130130_01
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/82211
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-02/0093.html

Scores

EPSS 0.0377
EPSS Percentile 88.6%

Details

CWE
CWE-79
Status published
Products (41)
glfusion/glfusion 1.0.0 (3 CPE variants)
glfusion/glfusion 1.0.1
glfusion/glfusion 1.0.2
glfusion/glfusion 1.1.0 (2 CPE variants)
glfusion/glfusion 1.1.1
glfusion/glfusion 1.1.2
glfusion/glfusion 1.1.3
glfusion/glfusion 1.1.4
glfusion/glfusion 1.1.4.pl1
glfusion/glfusion 1.1.4.pl2
... and 31 more
Published Feb 05, 2014
Tracked Since Feb 18, 2026