PT-2012-5053 · Open Constructor · Open Constructor
Published: 2012-12-28 · Updated: 2012-12-28 · CVE-2012-3870
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Open Constructor version 3.12.0
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the name or description parameter in the objects/createobject.php file.
Recommendations
For Open Constructor version 3.12.0, avoid using the name and description parameters in the objects/createobject.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for these parameters to prevent malicious script injection.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Open Constructor