CVE-2012-0873

Description

Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.

Affected products

• boonex / dolphin7.0.7
• boonex / dolphin5.1 – 5.1
• boonex / dolphin5.2 – 5.2
• boonex / dolphin6.1.2 – 6.1.2
• boonex / dolphin7.0.0 – 7.0.0
• boonex / dolphin7.0.1 – 7.0.1
• boonex / dolphin7.0.2 – 7.0.2
• boonex / dolphin7.0.3 – 7.0.3
• boonex / dolphin7.0.3 – 7.0.3
• boonex / dolphin7.0.4 – 7.0.4
• boonex / dolphin7.0.5 – 7.0.5
• boonex / dolphin7.0.6 – 7.0.6

References

• MISChttp://archives.neohapsis.com/archives/bugtraq/2012-02/0107.html
• MISChttp://www.boonex.com/n/dolphin-7-0-8-released
• MISChttp://www.boonex.com/trac/dolphin/changeset/15282
• MISChttp://www.boonex.com/trac/dolphin/changeset/15283
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2012/02/20/11
• VENDOR_ADVISORYhttp://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss
• MISChttp://www.boonex.com/trac/dolphin/ticket/2530
• MISChttp://www.securityfocus.com/bid/52088
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2012/02/20/6