4 matches found
CVE-2012-3871
Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...
CVE-2012-3871
CVE-2012-3871 describes a stored XSS vulnerability in Open Constructor 3.12.0, exposed through the header parameter in data/hybrid/i_hybrid.php when creating a catalogue document. Exploitation requires an authenticated user, who can inject arbitrary scripting/HTML that may execute in other users’...
[CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability
Title: Openconstructor CMS 3.12.0 'data/hybrid/ihybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...
Openconstructor CMS 3.12.0 i_hybrid.php XSS
Title: Openconstructor CMS 3.12.0 'data/hybrid/ihybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...