CVE-2012-6430 Information

Description

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0 possibly as downloaded before December 19 2012 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-01/0035.html http://osvdb.org/89119 http://osvdb.org/89120 http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html http://secunia.com/advisories/51769 http://secunia.com/advisories/51813 https://exchange.xforce.ibmcloud.com/vulnerabilities/81169 https://www.htbridge.com/advisory/HTB23135