Description

Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.

Remediation

References

CVE-2012-0873

Related Vulnerabilities

Oracle Application Server CVE-2010-0070 Vulnerability (CVE-2010-0070)

WordPress Plugin Retain Live Chat Cross-Site Scripting (0.1)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1766)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (7.9)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4408)

Severity

Medium

Classification

CVE-2012-0873 CWE-707

Tags

Missing Update Known Vulnerabilities