Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://jvn.jp/en/jp/JVN15503729/index.html - | |
| References | () http://jvndb.jvn.jp/jvndb/JVNDB-2012-000036 - | |
| References | () http://svn.osqa.net/changelog/OSQA/osqa/trunk?cs=1234 - | |
| References | () http://www.securityfocus.com/bid/53259 - | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/75182 - |
Information
Published : 2012-04-27 16:55
Updated : 2025-04-11 00:51
NVD link : CVE-2012-1245
Mitre link : CVE-2012-1245
CVE.ORG link : CVE-2012-1245
JSON object : View
Products Affected
osqa
- osqa
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')