CVE-2012-0872 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField (2) email (3) form_name (4) password (5) realname (6) repeatPassword or (7) username parameters to Oxwall/join; (8) captcha (9) email (10) form_name (11) from or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged (15) Oxwall/photo/viewlist or (16) Oxwall/video/viewlist.
Reference
http://archives.neohapsis.com/archives/bugtraq/2012-02/0106.html http://archives.neohapsis.com/archives/bugtraq/2012-02/0113.html http://www.openwall.com/lists/oss-security/2012/02/20/10 http://www.openwall.com/lists/oss-security/2012/02/20/5 http://www.securityfocus.com/bid/52090 http://yehg.net/lab/pr0js/advisories/5BOxWall_1.1.15D_xss https://exchange.xforce.ibmcloud.com/vulnerabilities/73466
Share on: