Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2012-09-06T21:00:00
Updated: 2018-01-11T15:57:02
Reserved: 2012-02-29T00:00:00
Link: CVE-2012-1469
JSON object: View
NVD Information
Status : Modified
Published: 2012-09-06T21:55:01.220
Modified: 2018-01-12T02:29:00.257
Link: CVE-2012-1469
JSON object: View
Redhat Information
No data.
CWE