Description

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.

Remediation

References

CVE-2012-5163

Related Vulnerabilities

WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Cross-Site Scripting (1.4.2)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17300)

WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (5.0.12)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions SQL Injection (2.3.2)

WordPress Plugin DM Albums Multiple File Deletion Vulnerabilities (2.1)

Severity

Medium

Classification

CVE-2012-5163 CWE-707

Tags

Missing Update Known Vulnerabilities