CVE-2013-2618

EXPLOITED IN THE WILD · RANSOMWARE

Network Weathermap < 0.97b - Stored Cross-Site Scripting via Map Title Parameter


Exploitation Summary

CVE-2013-2618 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including Daniel Ricardo dos Santos.

AI-analyzed exploit summary: This is a detailed writeup describing a persistent XSS vulnerability in Network Weathermap 0.97a. The vulnerability allows an attacker to inject malicious JavaScript into the map title, which is later executed when displayed in the editor interface.

Description

Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.

Exploits (1)

exploitdb · WRITEUP
by Daniel Ricardo dos Santos · text · webapps · php
https://www.exploit-db.com/exploits/24913


Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Network Weathermap 0.97a
Auth required
Prerequisites: Access to the editor.php interface · Ability to create or edit a map
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83187
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24913
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58793
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Apr/1
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/91869

Scores

EPSS 0.0468
EPSS Percentile 90.7%

Details

VulnCheck KEV: 2020-10-15
InTheWild.io: 2022-05-25
Ransomware Use: Confirmed
CWE: CWE-79
Status: published
Products (1): network-weathermap/.network_weathermap < 0.97
Published: Jun 05, 2014
Tracked Since: Feb 18, 2026