VYPR
Moderate severityNVD Advisory· Published Aug 26, 2012· Updated Jun 16, 2026

CVE-2012-1296

CVE-2012-1296

Description

Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
elefant/cmsPackagist
>= 1.0, < 1.0.2-Beta1.0.2-Beta
elefant/cmsPackagist
>= 1.1, < 1.1.5-Beta1.1.5-Beta

Affected products

5
  • cpe:2.3:a:elefantcms:elefantcms:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:elefantcms:elefantcms:*:*:*:*:*:*:*:*range: <=1.1.4_beta
    • cpe:2.3:a:elefantcms:elefantcms:1.1.1_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:elefantcms:elefantcms:1.1.2_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:elefantcms:elefantcms:1.1.3_beta:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.0, < 1.0.2-Beta

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.