Cross-Site Scripting Flaw in Powie pFile by Powie
CVE-2012-1211

Currently unrated

Key Information:

Vendor: Powie
Status: Pfile
Vendor: CVE Published:; 24 February 2012

What is CVE-2012-1211?

The vulnerability allows remote attackers to exploit Powie pFile version 1.02 by injecting arbitrary web scripts or HTML through the 'filecat' parameter in kommentar.php, posing a significant web security risk. Attackers may take advantage of this flaw to execute malicious scripts in the context of the user's browser, leading to potential data theft or unauthorized actions on behalf of the user.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/73165

vdb-entryx_refsource_XF

http://packetstormsecurity.org/files/109670/Pfile-1.02-Cr...

x_refsource_MISC

http://www.securityfocus.com/bid/51982

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2012
Vulnerability Reserved
Feb 20, 2012

CVE-2012-1211 Data

JSON