CVE-2012-1000

Published: Feb 24, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php.

Affected (4)

Products: Lepton Cms: Lepton

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Lepton Cms Lepton	Up to 1.1.3
Lepton Cms Lepton	Version 1.1.0
Lepton Cms Lepton	Version 1.1.1
Lepton Cms Lepton	Version 1.1.2

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt

Source: cve@mitre.org

http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php

Source: cve@mitre.org

PatchVendor Advisory

https://www.htbridge.ch/advisory/HTB23072

Source: cve@mitre.org

Exploit

http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.htbridge.ch/advisory/HTB23072

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.