CVE-2012-1469

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.

🔗 References (26)

cve@mitrehttp://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html
cve@mitrehttp://pkp.sfu.ca/ojs/RELEASE-2.3.7
cve@mitrehttp://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
cve@mitrehttp://secunia.com/advisories/48449
cve@mitrehttp://secunia.com/advisories/48464
cve@mitrehttp://www.osvdb.org/80255
cve@mitrehttp://www.osvdb.org/80256
cve@mitrehttp://www.osvdb.org/80257
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/74225
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/74226
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/74227
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/74228
cve@mitrehttps://www.htbridge.com/advisory/HTB23079
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html
af854a3a-2127-422b-91ae-364da2661108http://pkp.sfu.ca/ojs/RELEASE-2.3.7

Is Your Infrastructure Affected by CVE-2012-1469?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-1469

📅 Published

🔄 Last Modified

🔗 References (26)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-1469?