Description

Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.

Remediation

References

CVE-2012-4871

Related Vulnerabilities

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2020-4461)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.15)

Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-5475)

Joomla! Core 2.5.x Information Disclosure (2.5.0 - 2.5.4)

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2339)

Severity

Medium

Classification

CVE-2012-4871 CWE-707

Tags

Missing Update Known Vulnerabilities