2 matches found
CVE-2012-1782
CVE-2012-1782 concerns OSQA 3b, specifically the questions/ask path, where multiple cross-site scripting (XSS) vulnerabilities exist. The available connected documents confirm that remote attackers can inject arbitrary web script or HTML via the (1) URL bar or (2) picture bar. The root cause is d...
CVE-2012-1245
OSQA contains a cross-site scripting (XSS) vulnerability in the cleanup_urls function of forum/utils/html.py. The flaw affects OSQA before 1234 and 0.9.0 Beta 3 and earlier, permitting remote attackers to inject arbitrary web script or HTML via crafted URI vectors. The issue is tied to OSQA’s tru...