CVE-2011-5312 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx (2) publication/info.aspx or (3) user/add.aspx or (4) the q parameter to product/list.aspx.

Reference

https://www.htbridge.com/advisory/HTB22830 Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx (2) publication/info.aspx or (3) user/add.aspx or (4) the q parameter to product/list.aspx.

Share on: