Description
Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.
Remediation
References
Related Vulnerabilities
Apache Tomcat Other Vulnerability (CVE-2007-6286)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2)
WordPress Plugin Google Analytics Counter Tracker PHP Object Injection (3.4.0)
Nginx Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2263)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2020-13935)