CVE-2012-1782

Name of the Vulnerable Software and Affected Versions OSQA version 3b

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.

Recommendations For OSQA version 3b, update to a version that includes a fix for the XSS vulnerabilities in the questions/ask functionality. As a temporary workaround, consider restricting user input in the url bar and picture bar to minimize the risk of exploitation.