Vulnerability Details : CVE-2012-1469
Potential exploit: a public advisory with exploit details is listed in the references below.
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2012-1469 (all versions before 2.3.7; fixed in 2.3.7)
- cpe:2.3:a:pkp:open_journal_systems:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1469
- EPSS score: 5.06% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~93% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2012-1469
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
The vector is CVSS v2: network-reachable, medium access complexity, no authentication required, partial integrity impact, no confidentiality or availability impact.
CWE ids for CVE-2012-1469
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. (Assigned by: nvd@nist.gov, Primary)
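The description above names two kinds of sink: a URL-valued request parameter (authors[][url]) and rich-text fields (Bio Statement, Abstract) that pass through an HTML filter (stripUnsafeHtml). The following PHP is an added illustration of the defensive pattern each one needs; it is not OJS code and makes no claim about how OJS's own filter was bypassed. PHP is used because OJS is a PHP application. The function names, the tag and attribute allowlists, and the sample inputs are this example's own assumptions.

```php
<?php
// Added illustration for CVE-2012-1469; NOT OJS code. A URL-valued field is
// scheme-allowlisted and attribute-escaped; a rich-text field is sanitized
// by parsing against an allowlist instead of regex-stripping "unsafe" markup.
// Function names, allowlists and sample inputs are this example's own.

/** Accept only absolute http(s) URLs; everything else yields null. */
function safeHttpUrl(string $url): ?string
{
    $url = trim($url);
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;                         // relative, malformed, or scheme-only
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                         // javascript:, data:, vbscript:, ...
    }
    return $url;
}

/** Escape for an HTML text node or a double-quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Render an author link; a rejected URL degrades to the bare name. */
function renderAuthorLink(string $name, string $url): string
{
    $safe = safeHttpUrl($url);
    if ($safe === null) {
        return h($name);
    }
    return '<a href="' . h($safe) . '" rel="noopener">' . h($name) . '</a>';
}

/**
 * Allowlist sanitizer. Children are processed before their parent so that
 * unwrapping a disallowed element never re-exposes unchecked markup.
 */
function sanitizeNode(DOMNode $node, array $allowedTags, array $allowedAttrs): void
{
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child instanceof DOMElement) {
            sanitizeNode($child, $allowedTags, $allowedAttrs);
            $tag = strtolower($child->tagName);
            if (in_array($tag, ['script', 'style'], true)) {
                $node->removeChild($child);               // drop code bodies entirely
            } elseif (!in_array($tag, $allowedTags, true)) {
                while ($child->firstChild !== null) {     // unwrap: keep the content
                    $node->insertBefore($child->firstChild, $child);
                }
                $node->removeChild($child);
            } else {
                $keep = $allowedAttrs[$tag] ?? [];
                foreach (iterator_to_array($child->attributes, false) as $attr) {
                    $name = strtolower($attr->name);
                    // Drops every on* handler and any href that is not http(s).
                    if (!in_array($name, $keep, true)
                        || ($name === 'href' && safeHttpUrl($attr->value) === null)) {
                        $child->removeAttribute($attr->name);
                    }
                }
            }
        } elseif (!($child instanceof DOMText)) {
            $node->removeChild($child);                   // comments, PIs
        }
    }
}

function sanitizeRichText(string $html): string
{
    $allowedTags  = ['p', 'br', 'b', 'strong', 'i', 'em', 'ul', 'ol', 'li', 'a'];
    $allowedAttrs = ['a' => ['href']];

    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<?xml encoding="UTF-8"><div id="root">' . $html . '</div>');
    libxml_clear_errors();

    $root = (new DOMXPath($doc))->query('//div[@id="root"]')->item(0);
    if ($root === null) {
        return '';                                        // fail closed
    }
    sanitizeNode($root, $allowedTags, $allowedAttrs);

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample inputs (not taken from any advisory).
echo renderAuthorLink('A. Author', 'https://example.org/~author'), "\n";
echo renderAuthorLink('B. Author', 'javascript:void(0)'), "\n";
echo sanitizeRichText('<p onclick="x()">Bio <b>bold</b> '
    . '<a href="javascript:void(0)">link</a><script>x()</script></p>'), "\n";
```

Two design points: the rich-text path parses the fragment with libxml and walks the resulting tree, so an element is judged by what the parser actually produced rather than by what a regular expression can see, and the same safeHttpUrl check guards both the standalone author URL and href attributes inside rich text. Input that closes the wrapper div early ends up outside the root node and is discarded, which is the fail-closed direction for a sanitizer.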
References for CVE-2012-1469
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74227 : Public Knowledge Project Open Journal Systems editor cross-site scripting CVE-2012-1469 Vulnerability Report
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74228 : Public Knowledge Project Open Journal Systems articleId cross-site scripting CVE-2012-1469 Vulnerability Report
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74225 : Public Knowledge Project Open Journal Systems index.php cross-site scripting CVE-2012-1469 Vulnerability Report
- http://pkp.sfu.ca/ojs/RELEASE-2.3.7
- https://www.htbridge.com/advisory/HTB23079 : Multiple vulnerabilities in Open Journal Systems (OJS) - HTB23079 Security Advisory | ImmuniWeb (Exploit)
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html (Exploit)
- http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431 : OJS 2.3.7 Released - PKP Support
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74226 : Public Knowledge Project Open Journal Systems string cross-site scripting CVE-2012-1469 Vulnerability Report