We found results for “


Good to know:


Date: November 21, 2016

The cross-site scripting vulnerability can be triggered by an authenticated administrator visiting a malicious link. Since osClass allows a user by default to upload images via AJAX, an attacker can attach PHP code to the EXIF data in form of an image description. The administration module of osClass contains a local file inclusion vulnerability. By chaining these three vulnerabilities, the exploitation of the cross-site scripting issue leads to remote code execution on a targeted web server.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)



Top Fix


Upgrade Version

Upgrade to version v3.7.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us