CVE-2012-1469
Open Journal Systems < 2.3.7 - Cross-Site Scripting via iBrowser Plugin Parameters
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2012-1469. PoCs published by High-Tech Bridge.
AI-analyzed exploit summary This is a vulnerability writeup describing multiple issues in Open Journal Systems, including XSS, arbitrary file deletion, and file upload vulnerabilities. It provides a proof-of-concept for an XSS attack via the 'URL' field in the submissions page.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.
Exploits (2)
This is a vulnerability writeup describing multiple issues in Open Journal Systems, including XSS, arbitrary file deletion, and file upload vulnerabilities. It provides a proof-of-concept for an XSS attack via the 'URL' field in the submissions page.
The provided text describes multiple vulnerabilities in Open Journal Systems 2.3.6, including XSS, arbitrary file deletion, and file upload. It includes example payloads for stored XSS but lacks executable exploit code.