CVE-2017-12792

MEDIUM

Nexusphp - XSS

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.

Exploits (2)

nomisec STUB

by ZZS2017 · poc

https://github.com/ZZS2017/cve-2017-12792

View Code ZIP pw:eip

inthewild

poc

https://github.com/uuuunotfound/cve-2017-12792

View on inthewild

References (1)

[Exploit, Third Party Advisory] https://github.com/UUUUnotfound/cve-2017-12792

Scores

CVSS v3 6.1

EPSS 0.0116

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

nexusphp_project/nexusphp 1.5

Published Oct 03, 2017

Tracked Since Feb 18, 2026