CVE-2012-4871 – Litespeed Web Server - 'gtitle' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4871
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en rvice/graph_html.php en el panel de administrador en LiteSpeed ??Web Server v4.1.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro gtitle • https://www.exploit-db.com/exploits/37947 http://k1p0d.com/?p=25 http://packetstormsecurity.org/files/110974/LiteSpeed-4.1.11-Cross-Site-Scripting.html http://secunia.com/advisories/48400 https://exchange.xforce.ibmcloud.com/vulnerabilities/74144 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •