Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.
References
Configurations
Information
Published : 2012-09-19 17:55
Updated : 2017-08-28 18:31
NVD link : CVE-2012-0988
Mitre link : CVE-2012-0988
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
jam_warehouse
- knowledgetree_open_source