Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2012-3872

Published: 28/12/2012 Updated: 28/12/2012
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Openconstructor Project

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.

Vulnerable Product Search on Vulmon Subscribe to Product

openconstructor project openconstructor 3.12.0

Exploits

Exploit DB: Openconstructor CMS 3.12.0 Reflected XSS
Openconstructor CMS version 3120 suffers from multiple reflective cross site scripting vulnerabilities ...
Exploit DB: Open Constructor - 'confirm.php?q' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the applicati ...
Exploit DB: Open Constructor - '/data/file/edit.php?result' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application ...
Exploit DB: Open Constructor - '/users/users.php?keyword' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, ...

References

CWE-79http://packetstormsecurity.org/files/115284/Openconstructor-CMS-3.12.0-Reflected-XSS.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/115284/Openconstructor-CMS-3.12.0-Reflected-XSS.htmlhttps://www.exploit-db.com/exploits/37580/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook