jetlib.sec » Full Disclosure » Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4

Feeds

261985 items (0 unread) in 27 feeds

• 0day.today (was: 1337day, Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Full Disclosure

• December 04, 2018
• 

  Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4

  Posted: December 4th, 2018, 9:02am PST

  Tags:   

  Posted by Daniel Bishtawi on Dec 04

  Hello,
  
  We are glad to inform you about the vulnerabilities we reported in OSclass
  3.7.4.
  
  Here are the details:
  
  Advisory by Netsparker
  Name: Multiple Cross-site Scripting Vulnerabilities in OSclass 3.7.4
  Affected Software: OSclass
  Affected Versions: 3.7.4
  Homepage: https://osclass.org/
  Vulnerability: Reflected Cross-site Scripting, Stored Cross-site Scripting
  Severity: High
  Status: Fixed
  CVE-ID: - 2018-14481
  CVSS Score (3.0):
  Reflected XSS...