NVD

Id
43383  
Name
CVE-2012-1469  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-09-06  
Modified Date
2012-09-07  
Seq
2012-1469  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
218017 43383 CVE-2012-1469 20120321 Multiple vulnerabilities in Open Journal Systems (OJS)  View
218018 43383 CVE-2012-1469 http://pkp.sfu.ca/ojs/RELEASE-2.3.7  View
218019 43383 CVE-2012-1469 http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431  View
218020 43383 CVE-2012-1469 open-journal-index-xss(74225)  View
218021 43383 CVE-2012-1469 open-journal-string-xss(74226)  View
218022 43383 CVE-2012-1469 open-journal-editor-xss(74227)  View
218023 43383 CVE-2012-1469 https://www.htbridge.com/advisory/HTB23079  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28476 JVNDB-2012-004183 Open Journal Systems におけるクロスサイトスクリプティングの脆弱性 Open Journal Systems には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2012-1469 54707 CVE-2012-1469 43383 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004183.html 2012-03-16 2012-09-11 View