Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Owl_intranet_engine | Owl | 0.6 (including) | 0.6 (including) |
| Owl_intranet_engine | Owl | 0.7 (including) | 0.7 (including) |
| Owl_intranet_engine | Owl | 0.71 (including) | 0.71 (including) |
| Owl_intranet_engine | Owl | 0.72 (including) | 0.72 (including) |
| Owl_intranet_engine | Owl | 0.73 (including) | 0.73 (including) |