CVE-2012-4052

Jease < 2.8 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter.

References (3)

[Various Sources] http://www.jease.org/download/2.9/

[Mailing List] https://groups.google.com/forum/?fromgroups#%21topic/jease/2BHaDww-5ac%5B1-25%5D

[Vendor Advisory] https://www.htbridge.com/advisory/HTB23104

Scores

EPSS 0.0025

EPSS Percentile 48.5%

Classification

CWE

CWE-79

Status published

Affected Products (30)

jease/jease < 2.8

jease/jease

... and 15 more

Timeline

Published Aug 20, 2012

Tracked Since Feb 18, 2026