Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.
Software | From | Fixed in |
---|---|---|
owl / owl_intranet_engine | 0.6 | 0.6.x |
owl / owl_intranet_engine | 0.7 | 0.7.x |
owl / owl_intranet_engine | 0.71 | 0.71.x |
owl / owl_intranet_engine | 0.72 | 0.72.x |
owl / owl_intranet_engine | 0.73 | 0.73.x |