Published: 14/03/2014 Updated: 09/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 prior to 2.1.3 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openclassifieds open classifieds 2 2.0.4
openclassifieds open classifieds 2 2.0.5
openclassifieds open classifieds 2 2.0.2
openclassifieds open classifieds 2 2.0.3
openclassifieds open classifieds 2 2.1.1
openclassifieds open classifieds 2
openclassifieds open classifieds 2 2.0.6
openclassifieds open classifieds 2 2.0.7
openclassifieds open classifieds 2 2.0
openclassifieds open classifieds 2 2.0.1
openclassifieds open classifieds 2 2.0.8
openclassifieds open classifieds 2 2.1

Open Classifieds version 2-212 suffers from a cross site scripting vulnerability ...

CWE-79 https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9 https://www.htbridge.com/advisory/HTB23204 https://github.com/open-classifieds/openclassifieds2/issues/556 http://www.securityfocus.com/archive/1/531428/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/125675/Open-Classifieds-2-2.1.2-Cross-Site-Scripting.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2024

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect