Description
Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/32037
References (8)
Core 8
Core References
Various Sources x_refsource_confirm
http://couponphp.com/changelog
Exploit x_refsource_misc
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5170.php
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57177
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/103886
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/103897
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/show/osvdb/103887
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/32037
Exploit x_refsource_misc
http://packetstormsecurity.com/files/125480
Scores
EPSS
0.0984
EPSS Percentile
93.0%
Details
CWE
CWE-79
Status
published
Products (1)
couponphp/couponphp
< 1.1.0
Published
Jan 13, 2015
Tracked Since
Feb 18, 2026