QwikSec

Security Database

CVE

CWE

Training

CVE-2011-5042

Published: Dec 30, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the instructors parameter. NOTE: the original disclosure also mentions the section_title parameter, but this was disputed by the vendor and retracted by the original researcher.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://sourceforge.net/apps/mantisbt/sasha/view.php?id=13

x_refsource_CONFIRM

20111218 SASHA v0.2.0 Mutiple XSS

mailing-list

x_refsource_BUGTRAQ

sasha-multiple-xss(71874)

vdb-entry

x_refsource_XF

http://sasha.svn.sourceforge.net/viewvc/sasha/branches/SASHA_0.2/SASHA/inc/lib/lib.base.php?r1=95&r2=96&pathrev=96

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2011-5042 - Security Vulnerability | QwikSec