Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
positive software h-sphere 2.5 |
||
positive software h-sphere 2.5_patch_1 |
||
positive software h-sphere |
||
positive software h-sphere 2.5_patch_2 |
||
positive software h-sphere 2.5_rc_3 |