CVE-2018-11512

MEDIUM

wityCMS 0.6.1 - Authenticated Stored Cross-Site Scripting via Website Name Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-11512. PoCs published by Nathu Nandwani.

AI-analyzed exploit summary: This exploit demonstrates a persistent XSS vulnerability in wityCMS 0.6.1 via the 'Website's name' field in the admin settings. The payload bypasses a flawed script tag filter by recursively combining tags, executing arbitrary JavaScript when saved and viewed.

Description

Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.

Exploits (1)

exploitdb WORKING POC
by Nathu Nandwani · text · webapps · php
https://www.exploit-db.com/exploits/44790


Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: wityCMS 0.6.1
Auth required
Prerequisites: Admin access to wityCMS
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Patch, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44790/
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/Creatiwity/wityCMS/issues/150

Scores

CVSS v3 4.8
EPSS 0.0218
EPSS Percentile 80.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
creatiwity/witycms 0.6.1
Published May 28, 2018
Tracked Since Feb 18, 2026