CVE-2014-6280

Multiple cross-site scripting XSS vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 action or 2 nsextt parameter to oc-admin/index.php or the 3 nsextt parameter in an itemsreported action to oc-admin/index.php...