CVE-2012-3476

Ushahidi Platform < 2.4.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.

References (2)

[Exploit, Patch] https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f

[Mailing List] http://openwall.com/lists/oss-security/2012/08/09/5

Scores

EPSS 0.0016

EPSS Percentile 36.5%

Classification

CWE

CWE-79

Status published

Affected Products (11)

ushahidi/ushahidi_platform < 2.4.1

ushahidi/ushahidi_platform

n/a/n/a

Timeline

Published Aug 12, 2012

Tracked Since Feb 18, 2026