Unrated severityNVD Advisory· Published Feb 23, 2012· Updated Apr 29, 2026
CVE-2012-0873
CVE-2012-0873
Description
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
Affected products
12cpe:2.3:a:boonex:dolphin:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:boonex:dolphin:*:*:*:*:*:*:*:*range: <=7.0.7
- cpe:2.3:a:boonex:dolphin:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.3:beta:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.boonex.com/trac/dolphin/changeset/15282nvdPatch
- www.boonex.com/trac/dolphin/ticket/2530nvdPatch
- archives.neohapsis.com/archives/bugtraq/2012-02/0107.htmlnvdExploit
- www.boonex.com/trac/dolphin/changeset/15283nvdExploitPatch
- www.openwall.com/lists/oss-security/2012/02/20/11nvdExploit
- www.openwall.com/lists/oss-security/2012/02/20/6nvdExploit
- www.securityfocus.com/bid/52088nvdExploit
- yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xssnvdExploit
- www.boonex.com/n/dolphin-7-0-8-releasednvd
News mentions
0No linked articles in our index yet.