Candidate: CVE-2012-1469
PublicDate: 2012-09-06 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1469
 https://www.htbridge.com/advisory/HTB23079
 http://xforce.iss.net/xforce/xfdb/74227
 http://xforce.iss.net/xforce/xfdb/74226
 http://xforce.iss.net/xforce/xfdb/74225
 http://secunia.com/advisories/48464
 http://secunia.com/advisories/48449
 http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431
 http://pkp.sfu.ca/ojs/RELEASE-2.3.7
 http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems
 before 2.3.7 allow remote attackers and remote authenticated users to
 inject arbitrary web script or HTML via the (1) editor or (2) callback
 parameters to
 lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the
 iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio
 Statement or (5) Abstract of Submission fields to the stripUnsafeHtml
 function in lib/pkp/classes/core/String.inc.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_ojs:
upstream_ojs: released (2.3.7)
hardy_ojs: DNE
lucid_ojs: DNE
natty_ojs: ignored (reached end-of-life)
oneiric_ojs: ignored (reached end-of-life)
precise_ojs: DNE
quantal_ojs: DNE
raring_ojs: DNE
devel_ojs: DNE