CVE-2012-0872 in OxWallinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

01/19/2012

Disclosure

03/19/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.3

EPSS

0.00515

CTI

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-0872
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-0872
CVE Details	https://www.cvedetails.com/cve/CVE-2012-0872/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!