Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Osclass
(Juan_ramon)| Repositories | https://github.com/osclass/OSClass |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-09-25 | CVE-2012-1617 | Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files. | Osclass | N/A | ||
| 2012-09-25 | CVE-2012-0974 | Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php. | Osclass | N/A |