QwikSec

Security Database

CVE

CWE

Training

CVE-2012-0988

Published: Sep 20, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20120111 Multiple XSS in KnowledgeTree Community Edition

mailing-list

x_refsource_BUGTRAQ

knowledgetree-multiple-xss(72308)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

http://www.knowledgetree.org/Security_advisory:_URL_Manipulation

x_refsource_CONFIRM

https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_knowledgetree_community_edition.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.