CVE-2012-1469

PKP Open Journal Systems < 2.3.6 - XSS


Description

Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.

Exploits (2)

exploitdb (writeup, verified) by High-Tech Bridge · tags: text, webapps, php
https://www.exploit-db.com/exploits/36999

exploitdb (writeup, verified) by High-Tech Bridge · tags: text, webapps, php
https://www.exploit-db.com/exploits/37000

References (13)

Core References

Various Sources (x_refsource_confirm): http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/74228
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/74225
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/48449
Various Sources (x_refsource_confirm): http://pkp.sfu.ca/ojs/RELEASE-2.3.7
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/74227
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/80257
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/80255
Exploit (mailing-list, x_refsource_bugtraq): http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/48464
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/80256
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/74226

Scores

EPSS 0.2477
EPSS Percentile 96.2%

Details

CWE
CWE-79
Status published
Products (1)
pkp/open_journal_systems < 2.3.6
Published Sep 06, 2012
Tracked Since Feb 18, 2026