Vulnerability Details CVE-2012-6720
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2012-6720
-
cpe:2.3:a:socialengine:socialengine:-
-
cpe:2.3:a:socialengine:socialengine:4.2.2