Unrated severityNVD Advisory· Published Jul 3, 2012· Updated Apr 29, 2026
CVE-2012-3837
CVE-2012-3837
Description
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information.
Affected products
13cpe:2.3:a:babygekko:baby_gekko:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:babygekko:baby_gekko:*:*:*:*:*:*:*:*range: <=1.2.0
- cpe:2.3:a:babygekko:baby_gekko:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:0.98:alpha:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:0.99:beta:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:babygekko:baby_gekko:1.1.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.exploit-db.com/exploits/18827nvdExploit
- www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.phpnvdExploit
- secunia.com/advisories/49052nvdVendor Advisory
- www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.htmlnvd
- www.securityfocus.com/bid/53366nvd
News mentions
0No linked articles in our index yet.