CVE-2012-3871

Name of the Vulnerable Software and Affected Versions Open Constructor version 3.12.0

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML via the header parameter in the /data/hybrid/i hybrid.php endpoint.

Recommendations For Open Constructor version 3.12.0, as a temporary workaround, consider restricting access to the header parameter in the /data/hybrid/i hybrid.php endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.