CVE-2012-3476

Published: Aug 12, 2012Modified: Apr 29, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.

Affected (10)

Products: Ushahidi: Ushahidi Platform

Ushahidi

1 product

Ushahidi Platform

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Ushahidi Ushahidi Platform	Up to 2.4.1
Ushahidi Ushahidi Platform	Version 1.0
Ushahidi Ushahidi Platform	Version 1.2
Ushahidi Ushahidi Platform	Version 2.0
Ushahidi Ushahidi Platform	Version 2.1
Ushahidi Ushahidi Platform	Version 2.2.1
Ushahidi Ushahidi Platform	Version 2.2
Ushahidi Ushahidi Platform	Version 2.3.1
Ushahidi Ushahidi Platform	Version 2.3.2
Ushahidi Ushahidi Platform	Version 2.4

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://openwall.com/lists/oss-security/2012/08/09/5

Source: secalert@redhat.com

https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f

Source: secalert@redhat.com

ExploitPatch

http://openwall.com/lists/oss-security/2012/08/09/5

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.