Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-5163
Last Modified 18 Jan 2013 11:50:22
Published 25 Sep 2012 08:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5163

Summary

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.

Vulnerable Systems

Application

  • Osclass 2.3.4


References

CONFIRM - https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1

MISC - http://www.codseq.it/advisories/multiple_vulnerabilities_in_osclass

SECUNIA - 47697

CONFIRM - http://osclass.org/2012/01/16/osclass-2-3-5/

XF - osclass-index-ajax-xss(78962)


Last Updated: 27 May 2016 11:00:48