3 matches found
CVE-2012-1468
Open Journal Systems (OJS) prior to 2.3.7 contains an incomplete blacklist vulnerability that allows remote authenticated users with the Author role to upload files with executable extensions (not just .php) and access them via submission/original/ to execute arbitrary code. Public advisories tie...
CVE-2012-1469
CVE-2012-1469 corresponds to multiple XSS vulnerabilities in Open Journal Systems (OJS) up to version 2.3.6, affecting the iBrowser component (lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php) and input fields (editor/callback, authors[][url], Bio Statement, Abstract of Submiss...
CVE-2012-1467
CVE-2012-1467 relates to Open Journal Systems (OJS) versions prior to 2.3.7, where multiple directory traversal vulnerabilities exist in the iBrowser plugin library. Specifically, the param parameter passed to /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php can be manip...