VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 26, 2012· Updated Apr 29, 2026

CVE-2012-5163

CVE-2012-5163

Description

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.

Affected products

1
  • Osclass/Osclass
    cpe:2.3:a:osclass:osclass:*:*:*:*:*:*:*:*
    Range: <=2.3.4

Patches

1
ff7ef8a97301
https://github.com/osclass/OSClassvia nvd-ref
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.