CVE-2011-4552

Oneclickorgs One Click Orgs < 1.2.2 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.

References (2)

[Various Sources] http://dmcdonald.net/?page_id=43

[Mailing List] https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain

Scores

EPSS 0.0022

EPSS Percentile 45.0%

Classification

CWE

CWE-79

Status published

Affected Products (8)

oneclickorgs/one_click_orgs < 1.2.2

oneclickorgs/one_click_orgs

n/a/n/a

Timeline

Published Dec 06, 2011

Tracked Since Feb 18, 2026