Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Osclass Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6280)

Description

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php.

Remediation

References

Related Vulnerabilities

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8707)

Oracle Application Server CVE-2006-0289 Vulnerability (CVE-2006-0289)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Unspecified Vulnerability (1.7.56)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2026-34094)

WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Scripting (4.3.20)

Severity

Medium

Classification

CVE-2014-6280 CWE-707

Tags

Missing Update Known Vulnerabilities