CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...

3.5CVSS5.4AI score0.00224EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 4:47 a.m.•4 views

CVE-2012-3870

Multiple cross-site scripting XSS vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 name or 2 description parameter...

3.5CVSS5.5AI score0.00224EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 4:47 a.m.•5 views

CVE-2012-3872

Multiple cross-site scripting XSS vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to data/file/edit.php, 2 the q parameter to confirm.php, or 3 the keyword parameter to users/users.php...

4.3CVSS6AI score0.00754EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 12:27 a.m.•4 views

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

6.5CVSS8.4AI score0.00938EPSS

Exploits6References1

NVD•added 2012/12/28 11:48 a.m.•13 views

CVE-2012-3872

4.3CVSS5.8AI score0.00754EPSS

Exploits2References1

NVD•added 2012/12/28 11:48 a.m.•13 views

CVE-2012-3873

6.5CVSS8AI score0.00938EPSS

Exploits6References1

NVD•added 2012/12/28 11:48 a.m.•11 views

CVE-2012-3870

3.5CVSS5.4AI score0.00224EPSS

Exploits1References1

NVD•added 2012/12/28 11:48 a.m.•12 views

CVE-2012-3871

Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...

3.5CVSS5.3AI score0.00224EPSS

Exploits2References1

Prion•added 2012/12/28 11:48 a.m.•11 views

Sql injection

6.5CVSS8.7AI score0.00938EPSS

Exploits6References1Affected Software1

Prion•added 2012/12/28 11:48 a.m.•12 views

Cross site scripting

3.5CVSS5.6AI score0.00224EPSS

Exploits1References1Affected Software1

Prion•added 2012/12/28 11:48 a.m.•10 views

Cross site scripting

4.3CVSS6.1AI score0.00754EPSS

Exploits2References1Affected Software1

Prion•added 2012/12/28 11:48 a.m.•15 views

Cross site scripting

Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...

3.5CVSS5.7AI score0.00224EPSS

Exploits2References1Affected Software1

Cvelist•added 2012/12/28 11:0 a.m.•14 views

CVE-2012-3872

5.8AI score0.00754EPSS

Exploits2References1

CVE•added 2012/12/28 11:0 a.m.•48 views

CVE-2012-3873

OpenConstructor CMS 3.12.0 is vulnerable to multiple SQL injections via the id parameter in several edit pages (gallery, guestbook, file, htmltext, publication, event). Root cause: code calls get_record($_GET['id']) without input validation; authenticated attackers can execute arbitrary SQL queri...

6.5CVSS8.2AI score0.00938EPSS

Exploits6References1Affected Software1

Cvelist•added 2012/12/28 11:0 a.m.•15 views

CVE-2012-3873

8AI score0.00938EPSS

Exploits6References1

CVE•added 2012/12/28 11:0 a.m.•48 views

CVE-2012-3870

OpenConstructor CMS 3.12.0 contains Stored XSS in objects/createobject.php. The vulnerable code assigns user-supplied POST values name and description to an object without HTML escaping, enabling an authenticated user to inject arbitrary script that can run in other users’ browsers. Affected prod...

3.5CVSS5.4AI score0.00224EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by