CVE-2012-2570
Published: 2012-08-15
Priority: P4 · 20 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: public exploit available
EPSS: 1.66% (73.8th percentile)
Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualiteam | x-cart | — | — |
No detection rules found.
Exploit-DB · 2012-07-21: X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting
---
######################################################################################
# Exploit Title: X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
# Date: Jul 21 2012
# Author: muts
# Version: X-Cart Gold 4.5
# Vendor URL: http://www.x-cart.com/
######################################################################################
X-Cart Gold implements a degree of XSS filtering, but it is incomplete.
The "symb" parameter of "products_map.php" is vulnerable to XSS; the filter can be bypassed by using
HTML anchor methods and URL encoding.
Timeline:
29 May 2012: Vulnerability reported to CERT
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
21 Jul 2012: Public Disclosure
Exploit-DB · 2012-07-21: WordPress Plugin chenpress - Arbitrary File Upload
---
source: https://www.securityfocus.com/bid/54635/info
The chenpress plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
http://www.example.com/wp-content/plugins/chenpress/FCKeditor/editor/filemanager/browser/mcpuk/browser.html
No writeups or analysis indexed.
References
http://osvdb.org/84115
http://secunia.com/advisories/50006
http://www.exploit-db.com/exploits/20010
http://www.securityfocus.com/bid/54628
https://exchange.xforce.ibmcloud.com/vulnerabilities/77146