Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-1469
Last Modified: 07 Sep 2012 09:45:02
Published: 06 Sep 2012 05:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1469

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.

Vulnerable Systems

Application

  • Pkp Open Journal Systems 2.3.6


References

MISC - https://www.htbridge.com/advisory/HTB23079

XF - open-journal-editor-xss(74227)

XF - open-journal-string-xss(74226)

XF - open-journal-index-xss(74225)

OSVDB - 80257

OSVDB - 80256

OSVDB - 80255

SECUNIA - 48464

SECUNIA - 48449

CONFIRM - http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431

CONFIRM - http://pkp.sfu.ca/ojs/RELEASE-2.3.7

BUGTRAQ - 20120321 Multiple vulnerabilities in Open Journal Systems (OJS)


Last Updated: 27 May 2016 11:00:28