3 matches found
CVE-2012-3870
OpenConstructor CMS 3.12.0 contains Stored XSS in objects/createobject.php. The vulnerable code assigns user-supplied POST values name and description to an object without HTML escaping, enabling an authenticated user to inject arbitrary script that can run in other users’ browsers. Affected prod...
[CVE-2012-3870] Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scrpting vulnerabilities
Title: Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scrpting vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...
Openconstructor CMS 3.12.0 Cross Site Scripting
Title: Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scrpting vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...