XSS Vulnerabilities in Osclass

Information

Advisory by: Netsparker (now Invicti)
Name: XSS Vulnerability in Osclass
Affected Software: Osclass
Affected Versions: 3.4.1 and possibly below
Vendor Homepage: http://osclass.org/
Vulnerability Type: Cross-site Scripting
Severity: Critical
CVE-ID: CVE-2014-6280
Invicti Advisory Reference: NS-14-030

Description

Several cross-site scripting vulnerabilities were discovered in Osclass, an open-source project for building classified-ad sites.

Details

Proof of Concept URLs for XSS in Osclass:

For more information on cross-site scripting vulnerabilities, see Cross-site Scripting (XSS).

Advisory Timeline

03/09/2014 - First Contact
03/09/2014 - Vulnerability Fixed: https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435

Credits & Authors

These issues were discovered by Omar Kurt while testing Invicti Web Application Security Scanner.
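The advisory does not show the affected code, so the following is an added illustration (not Osclass code and not from the advisory) of the general defect class it reports: a request parameter echoed into an HTML page without output encoding, next to the hardened form. The URL, the parameter name `q` and the page fragments are constructed for the example; the point is that the fix is context-aware encoding at the output sink, which is what closes a reflected XSS regardless of which parameter carries it.

```python
import html
from urllib.parse import parse_qs, urlsplit


def param_from_url(url: str, name: str) -> str:
    """Return the first value of query parameter `name`, decoded as a browser would."""
    values = parse_qs(urlsplit(url).query).get(name, [""])
    return values[0]


def render_search_unsafe(query: str) -> str:
    # Vulnerable pattern: user input is concatenated straight into HTML body text.
    return f"<h1>Results for {query}</h1>"


def render_search_safe(query: str) -> str:
    # Hardened: encode for the HTML text context. quote=True also encodes " and '
    # so the same helper is safe inside a quoted attribute value.
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def render_attribute_safe(value: str) -> str:
    # Attribute context: the value must sit inside quotes AND be encoded; either
    # measure alone is insufficient.
    return f'<input type="text" name="q" value="{html.escape(value, quote=True)}">'


def reflects_raw_markup(page: str, marker: str) -> bool:
    """Defender-side regression check: does a benign markup marker come back unencoded?"""
    return marker in page and html.escape(marker, quote=True) not in page


if __name__ == "__main__":
    # Constructed sample request; example.invalid is a reserved non-resolving name.
    url = "http://example.invalid/index.php?page=search&q=%3Cb%3Etest%3C%2Fb%3E"
    q = param_from_url(url, "q")
    print(render_search_unsafe(q))   # marker reflected raw: the bug class in the advisory
    print(render_search_safe(q))     # marker reflected encoded: the fix
    print(reflects_raw_markup(render_search_unsafe(q), "<b>test</b>"))  # True
    print(reflects_raw_markup(render_search_safe(q), "<b>test</b>"))    # False
```

The `reflects_raw_markup` check uses a harmless `<b>` marker rather than a script payload; it is enough to prove the sink encodes, which is the property a regression test should pin after a fix like the one linked in the timeline.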