CVE-2012-5163

OSClass <2.3.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.

References (5)

[Patch, Vendor Advisory] http://osclass.org/2012/01/16/osclass-2-3-5/

[Vendor Advisory] http://secunia.com/advisories/47697

[Various Sources] http://www.codseq.it/advisories/multiple_vulnerabilities_in_osclass

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/78962

[Vendor Advisory] https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-1

Scores

EPSS 0.0040

EPSS Percentile 60.1%

Classification

CWE

CWE-79

Status published

Affected Products (2)

osclass/osclass < 2.3.4

n/a/n/a

Timeline

Published Sep 26, 2012

Tracked Since Feb 18, 2026