Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Commonspot_content_server | Paperthin | * | 4.5 (including) |
Commonspot_content_server | Paperthin | 2.5 (including) | 2.5 (including) |
Commonspot_content_server | Paperthin | 3.0 (including) | 3.0 (including) |
Commonspot_content_server | Paperthin | 3.2 (including) | 3.2 (including) |
Commonspot_content_server | Paperthin | 4.0 (including) | 4.0 (including) |