Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-09-25T23:00:00Z
Updated: 2024-09-16T16:43:48.075Z
Reserved: 2012-02-01T00:00:00Z
Link: CVE-2012-0974
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2012-09-25T23:55:01.237
Modified: 2012-10-15T04:00:00.000
Link: CVE-2012-0974
Redhat
No data.