CVE Reference: CVE-2012-5919

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-5919

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (4) the Edit Article module, or (5) hava_post.php in the postAuthor module; (6) postId parameter to hava_post.php; (7) userId parameter to hava_user.php; or (8) linkId parameter to hava_link.php.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/75082

SAID
  Secunia Advisory: SA48646

OSVDB
  81324
  81325

MISC
  http://www.vulnerability-lab.com/get_content.php?id=520
  http://packetstormsecurity.org/files/112089/Havalite-CMS-1.0.4-Cross-Site-Scripting.html


Return to the previous page.