CVE-2012-4336 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-09/0021.html http://www.securityfocus.com/bid/55418 https://exchange.xforce.ibmcloud.com/vulnerabilities/78310 https://exchange.xforce.ibmcloud.com/vulnerabilities/78311 https://www.htbridge.com/advisory/HTB23110