CVE-2012-2941 – Yandex.Server 2010 9.0 - 'text' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2941
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en search/ in Yandex.Server 2010 v9.0 Enterprise permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro de texto. • https://www.exploit-db.com/exploits/37224 http://packetstormsecurity.org/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html http://www.securityfocus.com/bid/53622 https://exchange.xforce.ibmcloud.com/vulnerabilities/75788 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •