Description
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge · textwebappsphp
https://www.exploit-db.com/exploits/37022
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://ocportal.com/site/news/view/ocportal-security-update.htm
Various Sources x_refsource_confirm
http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23078
Scores
EPSS
0.0692
EPSS Percentile
91.5%
Details
CWE
CWE-79
Status
published
Products (35)
ocportal/ocportal
4.0
ocportal/ocportal
4.0.1
ocportal/ocportal
4.0.2
ocportal/ocportal
4.0.3
ocportal/ocportal
4.0.4
ocportal/ocportal
4.0.5
ocportal/ocportal
4.1
ocportal/ocportal
4.1.1
ocportal/ocportal
4.1.2
ocportal/ocportal
4.1.3
... and 25 more
Published
Oct 01, 2012
Tracked Since
Feb 18, 2026