CVE-2012-1469
Published: 2012-09-06
Priority: P4 (21)
CVSS 2.0: 4.3 (medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploit: available
EPSS: 3.08% (86.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pkp | open_journal_systems | <= 2.3.6 | — |
No detection rules found.
Exploit-DB
Open Journal Systems (OJS) 2.3.6 - '/lib/pkp/classes/core/String.inc.php?String::stripUnsafeHtml()' Method Cross-Site Scripting
exploitdb · 2012-03-21
---
source: https://www.securityfocus.com/bid/52666/info
Open Journal Systems is prone to the following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input:
1. An arbitrary-file-deletion vulnerability
2. A security vulnerability
3. An arbitrary-file-upload vulnerability
4. Multiple cross-site scripting vulnerabilities
An attacker may leverage these issues to execute arbitrary script code, upload arbitrary files, and execute arbitrary code with administrative privileges. These issues may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Open Journal Systems 2.3.6 is vulnerable; other versions may also be affected.
Exploit-DB
Open Journal Systems (OJS) 2.3.6 - 'index.php?authors[][url]' Cross-Site Scripting
exploitdb · 2012-03-21
---
source: https://www.securityfocus.com/bid/52666/info
(Same SecurityFocus advisory text as the entry above.)
On t
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html
http://pkp.sfu.ca/ojs/RELEASE-2.3.7
http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
http://secunia.com/advisories/48449
http://secunia.com/advisories/48464
http://www.osvdb.org/80255
http://www.osvdb.org/80256
http://www.osvdb.org/80257
https://exchange.xforce.ibmcloud.com/vulnerabilities/74225
https://exchange.xforce.ibmcloud.com/vulnerabilities/74226
https://exchange.xforce.ibmcloud.com/vulnerabilities/74227
https://exchange.xforce.ibmcloud.com/vulnerabilities/74228
https://www.htbridge.com/advisory/HTB23079