Unrated severityNVD Advisory· Published Feb 24, 2012· Updated Apr 29, 2026

CVE-2012-1212

Description

Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information.

Affected products

Smwplus/Smw\+11 versions
cpe:2.3:a:smwplus:smw\+:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:smwplus:smw\+:*:*:*:*:*:*:*:*range: <=1.6.0_2
- cpe:2.3:a:smwplus:smw\+:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.5.6-1:*:*:*:*:*:*:*
- cpe:2.3:a:smwplus:smw\+:1.6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/files/109637/SMW-1.5.6-Cross-Site-Scripting.htmlnvdExploit
st2tea.blogspot.com/2012/02/smw-enterprise-wiki-156-cross-site.htmlnvdExploit
www.securityfocus.com/bid/51980nvdExploit
secunia.com/advisories/47968nvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/73167nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000