CVE-2015-1373

ferretCMS 1.0.4-alpha - Cross-Site Scripting via Action Parameter or Username

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1373.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in ferretCMS v1.0.4-alpha, including stored/reflected XSS, SQL injection, and arbitrary file upload vulnerabilities. It provides specific URLs and payloads for exploitation but does not include functional exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search request, (2) username in a login request, which is not properly handled when logging the event, or (3) page title in an insert action.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/35914

This advisory details multiple vulnerabilities in ferretCMS v1.0.4-alpha, including stored/reflected XSS, SQL injection, and arbitrary file upload vulnerabilities. It provides specific URLs and payloads for exploitation but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Xss | Sqli | Other
Complexity
Trivial
Reliability
Reliable
Target: ferretCMS v1.0.4-alpha
No auth needed
Prerequisites: Access to the administrative backend for some vulnerabilities
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Issue Tracking x_refsource_confirm
https://github.com/JRogaishio/ferretCMS/issues/63
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72287
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/23/3
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/98

Scores

EPSS 0.0323
EPSS Percentile 86.6%

Details

CWE
CWE-79
Status published
Products (1)
ferretcms_project/ferretcms 1.0.4 alpha
Published Jan 27, 2015
Tracked Since Feb 18, 2026