MidnightBSD

Advisories for openclassifieds

CVE-2014-2024 MEDIUM

Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openclassifieds open_classifieds_2 2.0.7
openclassifieds open_classifieds_2 2.0.3
openclassifieds open_classifieds_2 2.1
openclassifieds open_classifieds_2 2.0.1
openclassifieds open_classifieds_2 2.1.1
openclassifieds open_classifieds_2 2.0.8
openclassifieds open_classifieds_2 2.0.6
openclassifieds open_classifieds_2 2.0.5
openclassifieds open_classifieds_2 2.0
openclassifieds open_classifieds_2 2.0.4
openclassifieds open_classifieds_2 *
openclassifieds open_classifieds_2 2.0.2