Published: 23/02/2012 Updated: 24/02/2012

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin prior to 7.0.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
boonex dolphin 6.1.2
boonex dolphin 5.2
boonex dolphin 7.0.3
boonex dolphin 7.0.4
boonex dolphin 7.0.5
boonex dolphin 7.0.6
boonex dolphin 7.0.0
boonex dolphin 7.0.2
boonex dolphin 5.1
boonex dolphin 7.0.1
boonex dolphin

source: wwwsecurityfocuscom/bid/52088/info Dolphin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may let the attac ...

source: wwwsecurityfocuscom/bid/52088/info Dolphin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may let the attacke ...

CWE-79 http://www.boonex.com/trac/dolphin/changeset/15283 http://www.openwall.com/lists/oss-security/2012/02/20/11 http://www.securityfocus.com/bid/52088 http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss http://www.boonex.com/n/dolphin-7-0-8-released http://archives.neohapsis.com/archives/bugtraq/2012-02/0107.html http://www.boonex.com/trac/dolphin/ticket/2530 http://www.boonex.com/trac/dolphin/changeset/15282 http://www.openwall.com/lists/oss-security/2012/02/20/6 https://nvd.nist.gov https://www.exploit-db.com/exploits/36854/

CVE-2012-0873

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect