QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4352

Published: Feb 18, 2013

Modified: Sep 16, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://stoneware-docs.s3.amazonaws.com/Bulletins/Security%20Bulletin%206_1_0.pdf

x_refsource_CONFIRM

http://infosec42.blogspot.com/2012/10/stoneware-webnetwork-61-reflective-xss.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.