CVE-2012-1212

Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
smwplussmw\+
𝑥
≤ 1.6.0_2
smwplussmw\+
1.4.4
smwplussmw\+
1.4.5
smwplussmw\+
1.4.6
smwplussmw\+
1.5.0
smwplussmw\+
1.5.1
smwplussmw\+
1.5.2
smwplussmw\+
1.5.3
smwplussmw\+
1.5.6
smwplussmw\+
1.5.6-1
smwplussmw\+
1.6.0
𝑥
= Vulnerable software versions