Unrated severityNVD Advisory· Published Feb 14, 2012· Updated Apr 29, 2026
CVE-2012-0829
CVE-2012-0829
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.
Affected products
16cpe:2.3:a:mibew:mibew_messenger:1.5.0:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:mibew:mibew_messenger:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:*:*:*:*:*:*:*:*range: <=1.6.4
- cpe:2.3:a:mibew:mibew_messenger:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mibew:mibew_messenger:1.6.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- archives.neohapsis.com/archives/bugtraq/2012-01/0178.htmlnvdExploit
- www.codseq.it/advisories/mibew_messenger_multiple_xssnvdExploit
- secunia.com/advisories/47787nvdVendor Advisory
- www.openwall.com/lists/oss-security/2012/02/02/10nvd
- www.securityfocus.com/bid/51723nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/72822nvd
News mentions
0No linked articles in our index yet.