CVE-2011-5142
OBM Open Business Management < 2.4.0 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php.
References (5)
Scores
EPSS
0.0036
EPSS Percentile
57.6%
Classification
CWE
CWE-79
Status
published
Affected Products (2)
obm/open_business_management
< 2.4.0
n/a/n/a
Timeline
Published
Aug 31, 2012
Tracked Since
Feb 18, 2026