CVE-2012-3870

Name of the Vulnerable Software and Affected Versions Open Constructor version 3.12.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the name or description parameter in the objects/createobject.php file.

Recommendations For Open Constructor version 3.12.0, avoid using the name and description parameters in the objects/createobject.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for these parameters to prevent malicious script injection.