Description
Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-4833 Vulnerability (CVE-2015-4833)
Magento Cryptographic Issues Vulnerability (CVE-2019-7886)
WordPress Plugin easyping-website subscriptions done right PHP Object Injection (0.0.1)
PHP Out-of-bounds Read Vulnerability (CVE-2020-7061)
WordPress Plugin GD bbPress Tools Cross-Site Scripting (1.7)