CVE-2013-2618
EXPLOITED IN THE WILD RANSOMWARENetwork Weathermap < 0.97b - Stored Cross-Site Scripting via Map Title Parameter
Title source: llmExploitation Summary
CVE-2013-2618 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including Daniel Ricardo dos Santos.
AI-analyzed exploit summary This is a detailed writeup describing a persistent XSS vulnerability in Network Weathermap 0.97a. The vulnerability allows an attacker to inject malicious JavaScript into the map title, which is later executed when displayed in the editor interface.
Description
Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.
Exploits (1)
This is a detailed writeup describing a persistent XSS vulnerability in Network Weathermap 0.97a. The vulnerability allows an attacker to inject malicious JavaScript into the map title, which is later executed when displayed in the editor interface.