Unrated severityNVD Advisory· Published Jul 3, 2012· Updated Apr 29, 2026
CVE-2012-3830
CVE-2012-3830
Description
Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.
Affected products
13cpe:2.3:a:milesj:decoda:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:milesj:decoda:*:*:*:*:*:*:*:*range: <=3.3.1
- cpe:2.3:a:milesj:decoda:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:3.3:*:*:*:*:*:*:*
Patches
24068257bb4e1https://github.com/milesj/php-decodavia nvd-ref
666778f326dfhttps://github.com/milesj/php-decodavia nvd-ref
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- www.securityfocus.com/bid/53332nvdExploit
- github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83nvdExploitPatch
- github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9nvdExploitPatch
- secunia.com/advisories/48931nvdVendor Advisory
- osvdb.org/81637nvd
- www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tagsnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75333nvd
News mentions
0No linked articles in our index yet.