This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Ocportal
First view : 2012-10-01
Product : Ocportal
Last view : 2015-03-23
Version : 4.0.5
Type : Application
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
 
CPE Product cpe:2.3:a:ocportal:ocportal

Activity : Overall

Related : CVE

Score Date Alert Description
3.5 2015-03-23 CVE-2015-2677

Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) the cms_polls page to cms/index.php or (4) a new topic in the topics page to forum/index.php; or (5) a new PT (private topic/private message) in the topics page to forum/index.php.

5.8 2012-10-01 CVE-2012-5234

Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.

5 2012-10-01 CVE-2012-1471

Directory traversal vulnerability in catalogue_file.php in ocPortal before 7.1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

4.3 2012-10-01 CVE-2012-1470

Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
25% (1) CWE-20 Improper Input Validation

OpenVAS Exploits

id Description
2012-04-03 Name : ocPortal Arbitrary File Disclosure and Cross Site Scripting Vulnerabilities
File : nvt/gb_ocportal_52768.nasl