QwikSec

Security Database

CVE

CWE

Training

CVE-2012-5919

Published: Nov 19, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

havalite-multiple-xss(75082)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

http://www.vulnerability-lab.com/get_content.php?id=520

x_refsource_MISC

http://packetstormsecurity.org/files/112089/Havalite-CMS-1.0.4-Cross-Site-Scripting.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.