CVE-2012-1782
Description
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
OSQA's CMS - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/52184/info
OSQA's CMS is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
OSQA 3b is vulnerable; other versions may also be affected.
http://www.example.com/questions/ask/ press url bar & put xss code <img src="<img src=search"/onerror=alert("xss")//">
http://www.example.com/questions/ask/ press picture bar & put xss code <img src="<img src=search"/onerror=alert("xss")//"> Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| osqa | osqa | 3b | |
References
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0164.html
- http://www.securityfocus.com/bid/52184
- http://www.vulnerability-lab.com/get_content.php?id=461
- http://archives.neohapsis.com/archives/bugtraq/2012-02/0164.html
- http://www.securityfocus.com/bid/52184
- http://www.vulnerability-lab.com/get_content.php?id=461
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.