CVE-2012-3870
Openconstructor - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter.
Scores
EPSS
0.0022
EPSS Percentile
44.8%
Details
CWE
CWE-79
Status
published
Products (2)
openconstructor_project/openconstructor
n/a/n/a
Published
Dec 28, 2012
Tracked Since
Feb 18, 2026