VYPR
Unrated severityNVD Advisory· Published Feb 14, 2012· Updated Jun 16, 2026

CVE-2012-0829

CVE-2012-0829

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • cpe:2.3:a:mibew:mibew_messenger:*:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:mibew:mibew_messenger:*:*:*:*:*:*:*:*range: <=1.6.4
    • cpe:2.3:a:mibew:mibew_messenger:1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mibew:mibew_messenger:1.6.3:*:*:*:*:*:*:*
    • (no CPE)range: <=1.6.4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.