Multiple XSS Vulnerabilities in SocialEngine by SocialEngine
CVE-2012-6720

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 11 February 2020

What is CVE-2012-6720?

SocialEngine prior to version 4.2.4 contains multiple Cross-Site Scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The affected inputs are the 'title' parameter in the music creation feature, the 'location' parameter in event creation, and the 'search' parameter in the widget content retrieval. Exploitation can lead to potential data exposure and manipulation.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
