Cross-site Scripting Vulnerability in mod_pagespeed for Apache HTTP Server
CVE-2012-4360

Currently unrated

Key Information:

Vendor: Google
Status: Mod Pagespeed
Vendor: CVE Published:; 15 September 2012

Summary

The mod_pagespeed module for Apache HTTP Server contains a cross-site scripting vulnerability that enables remote attackers to inject arbitrary web scripts or HTML into web pages. This flaw affects versions 0.10.19.1 through 0.10.22.4 of the module, potentially compromising the integrity of web interfaces and allowing harmful payloads to trick unwary users. Proper validation and sanitation of inputs are essential to mitigate risks associated with this vulnerability.

References

http://osvdb.org/85430

vdb-entryx_refsource_OSVDB

https://developers.google.com/speed/docs/mod_pagespeed/CV...

x_refsource_CONFIRM

https://developers.google.com/speed/docs/mod_pagespeed/an...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 15, 2012
Vulnerability Reserved
Aug 20, 2012