CVE-2012-4267 Information

Description

Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Reference

http://secunia.com/advisories/49148 http://smwyg.com/blog/sockso-persistant-xss-attack http://www.exploit-db.com/exploits/18868 https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136 https://github.com/rodnaph/sockso/issues/93 https://github.com/rodnaph/sockso/pull/99/files