Dolphin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2012-0873
Reference:
CVE-2012-0873
Title:
Dolphin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only (3) online_only or (4) mode parameters to viewFriends.php.