Arbitrary Web Script Injection via gtitle Parameter in LiteSpeed Web Server 4.1.11

CVE-2012-4871 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.

Learn more about our Web App Pen Testing.