CVE-2013-2287
NUCLEIUploader 1.0.4 - Cross-Site Scripting via Notify or Blog Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-2287. PoCs published by CodeV. A Nuclei detection template is also available.
AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in the Uploader Plugin for WordPress, where user-supplied input is not properly sanitized. An attacker can execute arbitrary script code in the context of the affected site by crafting a malicious URL.
Description
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
Exploits (1)
The exploit describes a cross-site scripting (XSS) vulnerability in the Uploader Plugin for WordPress, where user-supplied input is not properly sanitized. An attacker can execute arbitrary script code in the context of the affected site by crafting a malicious URL.