Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 up to and including 3.2.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
posh project posh |