CVE-2013-3728

kasseler-cms < 2 - Authenticated Cross-Site Scripting via cat Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3728.

AI-analyzed exploit summary: The provided code contains functional exploit examples for SQL injection (CVE-2013-3727), stored XSS (CVE-2013-3728), and CSRF (CVE-2013-3729) in Kasseler CMS. It includes detailed PoC code for each vulnerability, demonstrating how an attacker can exploit them.

Description

Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.
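The defect described above is the classic stored-XSS shape: a value accepted in a request parameter is persisted and later written into an HTML page without encoding. The following PHP snippet is an added illustration, not Kasseler CMS code: the function names, the request handling and the allowed character set are assumptions chosen to show the vulnerable pattern next to a hardened one (input validation plus context-aware output encoding).

```php
<?php
// Added illustrative example (not Kasseler CMS code). Function names and the
// parameter handling are assumptions for illustration only.

// Vulnerable pattern: the category name is emitted exactly as it was stored, so
// markup submitted in the 'cat' parameter becomes live HTML for every admin who
// later views the category list.
function render_category_vulnerable(string $cat): string {
    return "<li>" . $cat . "</li>";
}

// Hardened pattern, layer 1: validate at input time. A category name has no
// business containing markup, so reject anything outside a conservative set.
function validate_category_name(string $cat): ?string {
    $cat = trim($cat);
    if ($cat === '' || mb_strlen($cat, 'UTF-8') > 64) {
        return null;
    }
    // Letters, digits, space, underscore, hyphen and dot; '<', '>', quotes and
    // ampersands are rejected outright.
    if (!preg_match('/^[\p{L}\p{N} _\-.]+$/u', $cat)) {
        return null;
    }
    return $cat;
}

// Hardened pattern, layer 2: encode at output time regardless of what was
// stored. ENT_QUOTES escapes both quote styles, so the value is also safe
// inside a double- or single-quoted attribute.
function render_category_safe(string $cat): string {
    return "<li>" . htmlspecialchars($cat, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</li>";
}

// Constructed sample request mimicking an admin_new_category submission whose
// 'cat' value carries a script tag (a standard XSS probe, used here only to
// show that the hardened path neutralises it).
$request = ['action' => 'admin_new_category', 'cat' => '<script>alert(1)</script>'];

if (validate_category_name($request['cat']) === null) {
    echo "input validation: rejected\n";
}
echo render_category_vulnerable($request['cat']), "\n"; // markup passes through unchanged
echo render_category_safe($request['cat']), "\n";       // &lt;script&gt;... rendered as inert text
```

Both layers matter: validation alone fails for fields that legitimately need characters such as `&` or `'`, and encoding alone leaves junk in the database, so the fix in a CMS is to validate on `admin_new_category` and encode wherever the stored name is printed.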

Exploits (1)

exploitdb (working PoC)
Category: webapps / php
https://www.exploit-db.com/exploits/26623


Classification
Working PoC: 100%
Attack Type: SQLi | XSS | CSRF
Complexity: Moderate
Reliability: Reliable
Target: Kasseler CMS 2 r1223 and prior
Auth required: yes
Prerequisites: Authenticated admin session for SQLi/CSRF · Ability to create categories for XSS
Analyzed by devstral-2 on Feb 19, 2026

References (7)

Core References (5 listed):
- http://diff.kasseler-cms.net/svn.html (Various Sources; x_refsource_confirm)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85408 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_xf)
- http://seclists.org/bugtraq/2013/Jul/26 (Exploit; mailing-list, x_refsource_bugtraq)
- http://diff.kasseler-cms.net/svn/patches/1232.html (Patch, Vendor Advisory; x_refsource_confirm)
- http://osvdb.org/94780 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_osvdb)

Scores

EPSS: 0.0295
EPSS Percentile: 85.4%

Details

CWE: CWE-79
Status: published
Products (1): kasseler-cms/kasseler-cms < 2
Published: Mar 13, 2014
Tracked Since: Feb 18, 2026