Unrated severityNVD Advisory· Published Jul 3, 2012· Updated Apr 29, 2026

CVE-2012-3831

Description

Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.

Affected products

Milesj/Decoda12 versions
cpe:2.3:a:milesj:decoda:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:milesj:decoda:*:*:*:*:*:*:*:*range: <=3.3
- cpe:2.3:a:milesj:decoda:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:milesj:decoda:3.2:*:*:*:*:*:*:*

Patches

104afad9d3cb

https://github.com/milesj/php-decodavia nvd-ref

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/milesj/php-decoda/commit/104afad9d3cb1fbb766c4bc5b98e070a8a13fbd8nvdExploitPatch
osvdb.org/81637nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	-0.070
ransomware	0.000