CVE-2018-12234

MEDIUM

Adrenalin 5.4.0 - Reflected Cross-Site Scripting via GeneralInfo.aspx strAction Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12234. PoCs published by Cy83rl0gger.

AI-analyzed exploit summary This is a writeup describing a reflected XSS vulnerability in Adrenalin Core HCM 5.4.0. The vulnerability allows an attacker to inject malicious JavaScript via the 'strAction' parameter, which is echoed back in the HTML response.

Description

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.

Exploits (1)

exploitdb WRITEUP
by Cy83rl0gger · textwebappsaspx
https://www.exploit-db.com/exploits/47611

This is a writeup describing a reflected XSS vulnerability in Adrenalin Core HCM 5.4.0. The vulnerability allows an attacker to inject malicious JavaScript via the 'strAction' parameter, which is echoed back in the HTML response.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Adrenalin Core HCM 5.4.0
No auth needed
Prerequisites: Access to the vulnerable URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0295
EPSS Percentile 85.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
myadrenalin/adrenalin 5.4.0
Published Sep 06, 2018
Tracked Since Feb 18, 2026