Description

Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.

Remediation

References

CVE-2012-4871

Related Vulnerabilities

WordPress Plugin Mail Control-Email Customizer, SMTP Deliverability, logging, open and click Tracking Cross-Site Scripting (0.3.1)

Oracle HTTP Server CVE-2021-2480 Vulnerability (CVE-2021-2480)

WordPress Plugin Plotly Cross-Site Scripting (1.0.2)

WordPress Plugin Insert or Embed Articulate Content into WordPress Security Bypass (4.2996)

WordPress Plugin Pricing Table by Supsystic Multiple Vulnerabilities (1.8.7)

Severity

Medium

Classification

CVE-2012-4871 CWE-707

Tags

Missing Update Known Vulnerabilities