Description
Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.
Remediation
References
Related Vulnerabilities
Jenkins Incorrect Authorization Vulnerability (CVE-2018-1999004)
WordPress Plugin WP Add Mime Types Cross-Site Request Forgery (2.2.1)
WordPress Plugin WooCommerce Product Vendors Cross-Site Scripting (2.0.35)
WordPress Plugin WP-Lister Lite for eBay Cross-Site Scripting (2.0.8.3)
Oracle Database Server CVE-2026-21939 Vulnerability (CVE-2026-21939)