CVE-2012-3872

This exploit demonstrates a reflected XSS vulnerability in Open Constructor 3.12.0 by injecting a JavaScript alert payload into the 'q' parameter of the confirm.php endpoint. The lack of input sanitization allows arbitrary script execution in the context of the user's browser session.

This exploit demonstrates a reflected XSS vulnerability in Open Constructor 3.12.0 by injecting arbitrary JavaScript code via the 'result' parameter in the edit.php file. The vulnerability arises due to insufficient input sanitization, allowing script execution in the context of the user's browser.

This exploit demonstrates a reflected XSS vulnerability in Open Constructor 3.12.0 due to improper input sanitization. The PoC shows how arbitrary script code can be executed via the 'keyword' parameter in the users.php endpoint.