CVE-2010-4513
Published 2010-12-09
Priority: P4 · 20 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.81% (75.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zimplit | zimplit_cms | <= 3.0 | — |
No detection rules found.
Exploit-DB
Zimplit CMS 3.0 - Multiple Vulnerabilities
exploitdb·2013-09-13
---
###################################################################################################################################
# Exploit Title: Zimplit CMS multiple vulnerabilities
# Date: 2013 13 September
# Exploit Author: Yashar shahinzadeh
# Special thanks to Mormoroth
# Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir
# Vendor Homepage: www.zimplit.com
# Tested on: Linux & Windows, PHP 5.3.2
# Affected Version : 3.0 (Last)
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir , http://Twitter.com/Mormoroth , http://mormoroth.ir }
###################################################################################################################################
# Exploit-DB Note: Need to be authenticated for
Exploit-DB
Zimplit CMS - 'zimplit.php?File' Cross-Site Scripting
exploitdb·2010-12-07
---
source: https://www.securityfocus.com/bid/45252/info
Zimplit CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/path/zimplit.php?action=load&file=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
Exploit-DB
Zimplit CMS - 'English_manual_version_2.php?client' Cross-Site Scripting
exploitdb·2010-12-07
---
source: https://www.securityfocus.com/bid/45252/info
Zimplit CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/path/English_manual_version_2.php?client=c%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=129182251500541&w=2
http://packetstormsecurity.org/files/view/96466/zimplit-xss.txt
http://secunia.com/advisories/41629
http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms.html
http://www.htbridge.ch/advisory/xss_vulnerability_in_zimplit_cms_1.html
http://www.securityfocus.com/archive/1/515078/100/0/threaded
http://www.securityfocus.com/bid/45252