cbcvebase.

Openconstructor Project Openconstructor vulnerabilities

4 known vulnerabilities affecting openconstructor_project/openconstructor.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2LOW2

Vulnerabilities

Page 1 of 1
CVE-2012-3873P3MEDIUMCVSS 6.5PoCv3.12.02012-12-28
CVE-2012-3873 [MEDIUM] CWE-89 CVE-2012-3873: Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users t Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.
nvd
CVE-2012-3872P4MEDIUMCVSS 4.3PoCv3.12.02012-12-28
CVE-2012-3872 [MEDIUM] CWE-79 CVE-2012-3872: Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attacker Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
nvd
CVE-2012-3871P4LOWCVSS 3.5v3.12.02012-12-28
CVE-2012-3871 [LOW] CWE-79 CVE-2012-3871: Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allo Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
nvd
CVE-2012-3870P4LOWCVSS 3.5v3.12.02012-12-28
CVE-2012-3870 [LOW] CWE-79 CVE-2012-3870: Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter.
nvd
Openconstructor Project Openconstructor vulnerabilities | cvebase