Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-3815

Malware in sbrugna...

3.5CVSS6.4AI score0.00802EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/05/22 12:27 a.m.7 views

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

6.5CVSS8.4AI score0.0092EPSS
Exploits6References1
NVD
NVD
added 2012/12/28 11:48 a.m.25 views

CVE-2012-3872

Multiple cross-site scripting XSS vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to data/file/edit.php, 2 the q parameter to confirm.php, or 3 the keyword parameter to users/users.php...

4.3CVSS5.8AI score0.01378EPSS
Exploits2References1
NVD
NVD
added 2012/12/28 11:48 a.m.30 views

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

6.5CVSS8AI score0.0092EPSS
Exploits6References1
Prion
Prion
added 2012/12/28 11:48 a.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...

3.5CVSS5.7AI score0.00802EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2012/12/28 11:48 a.m.16 views

Sql injection

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

6.5CVSS8.7AI score0.0092EPSS
Exploits6References1Affected Software1
CVE
CVE
added 2012/12/28 11:0 a.m.48 views

CVE-2012-3871

CVE-2012-3871 describes a stored XSS vulnerability in Open Constructor 3.12.0, exposed through the header parameter in data/hybrid/i_hybrid.php when creating a catalogue document. Exploitation requires an authenticated user, who can inject arbitrary scripting/HTML that may execute in other users’...

3.5CVSS5.4AI score0.00802EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2012/12/28 11:0 a.m.55 views

CVE-2012-3870

OpenConstructor CMS 3.12.0 contains Stored XSS in objects/createobject.php. The vulnerable code assigns user-supplied POST values name and description to an object without HTML escaping, enabling an authenticated user to inject arbitrary script that can run in other users’ browsers. Affected prod...

3.5CVSS5.4AI score0.00767EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2012/12/28 11:0 a.m.31 views

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

8AI score0.0092EPSS
Exploits6References1
Rows per page
Query Builder