CVE-2015-2275

WoltLab Community Gallery 2.0 - Stored Cross-Site Scripting via Image Title Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2275. PoCs published by ITAS Team.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Community Gallery 2.0 before 12/10/2014. The PoC shows how an attacker can inject malicious JavaScript into the 'title' parameter, which is then stored and executed when other users view the affected image.

Description

Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy.

Exploits (1)

exploitdb WORKING POC
by ITAS Team · text · webapps · php
https://www.exploit-db.com/exploits/36368

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Community Gallery 2.0 before 12/10/2014
Auth required
Prerequisites: Access to a valid session cookie · Ability to send HTTP POST requests to the target
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Mar/65
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/119455
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73053
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534841/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/36368

Scores

EPSS 0.0372
EPSS Percentile 88.4%

Details

CWE: CWE-79
Status: published
Products (1): wotlab/community_gallery 2.0
Published: Mar 12, 2015
Tracked Since: Feb 18, 2026