VIR Vulnerability Intelligence Relay

CVE-2012-3476

low
Published 2012-08-12 · Modified 2026-04-29
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f

Application impact
VendorProductVersionsFixed
ushahidiushahidi_platform{"endIncluding":"2.4.1"}
ushahidiushahidi_platform1.0
ushahidiushahidi_platform1.2
ushahidiushahidi_platform2.0
ushahidiushahidi_platform2.1
ushahidiushahidi_platform2.2
ushahidiushahidi_platform2.2.1
ushahidiushahidi_platform2.3.1
ushahidiushahidi_platform2.3.2
ushahidiushahidi_platform2.4

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.