CVE-2012-1212

Name of the Vulnerable Software and Affected Versions Semantic Enterprise Wiki (SMW+) versions 1.5.6, 1.6.0 2 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the target parameter to the "index.php/Special:FormEdit" endpoint.

Recommendations For versions 1.5.6, 1.6.0 2 and earlier, consider disabling the smwfOnSfSetTargetName function until a patch is available. Restrict access to the "index.php/Special:FormEdit" endpoint to minimize the risk of exploitation. Avoid using the target parameter in the affected endpoint until the issue is resolved.