CVE-2013-4692

MEDIUM

Xorbin Analog Flash Clock 1.0 - XSS


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-4692. PoCs published by Prakhar Prasad.

AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Xorbin Digital Flash Clock WordPress plugin by injecting arbitrary JavaScript via the 'widgetUrl' parameter in the SWF file URL.

Description

Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS

Exploits (2)

exploitdb WORKING POC VERIFIED
by Prakhar Prasad · text · webapps · php
https://www.exploit-db.com/exploits/38621

This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Xorbin Digital Flash Clock WordPress plugin by injecting arbitrary JavaScript via the 'widgetUrl' parameter in the SWF file URL.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Xorbin Digital Flash Clock 1.0
No auth needed
Prerequisites: Access to the vulnerable WordPress plugin URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Prakhar Prasad · text · webapps · php
https://www.exploit-db.com/exploits/38608

This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Xorbin Analog Flash Clock plugin by injecting arbitrary JavaScript code via the 'widgetUrl' parameter in the SWF file URL. The vulnerability arises due to insufficient input sanitization.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Xorbin Analog Flash Clock 1.0
No auth needed
Prerequisites: Access to the vulnerable plugin URL
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/60860
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/85418

Scores

CVSS v3: 6.1
EPSS: 0.0245
EPSS Percentile: 82.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): xorbin/analog_flash_clock 1.0
Published: Dec 27, 2019
Tracked Since: Feb 18, 2026