CVE-2012-3805

Exp

Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.

Published: 2012-07-12 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2012-3805 is rated Exploit Available (58.3/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.87%). 2 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2012-3805

EDB-ID Source Kind Published Link
37498 exploit_db edb 2012-07-11 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2012-3805

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-03 1.23% 0.87% -0.37%
2 2026-03-13 1.44% 1.23% -0.21%
3 2026-03-01 1.44%

Full EPSS history (12 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-3805

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2012-3805

Affected software / configurations for CVE-2012-3805

Vendor Product Version Raw CPE
kajona kajona <= 3.4.1 cpe:2.3:a:kajona:kajona:*:*:*:*:*:*:*:*
kajona kajona 3.1.0 cpe:2.3:a:kajona:kajona:3.1.0:*:*:*:*:*:*:*
kajona kajona 3.1.1 cpe:2.3:a:kajona:kajona:3.1.1:*:*:*:*:*:*:*
kajona kajona 3.2.0 cpe:2.3:a:kajona:kajona:3.2.0:*:*:*:*:*:*:*
kajona kajona 3.2.1 cpe:2.3:a:kajona:kajona:3.2.1:*:*:*:*:*:*:*
kajona kajona 3.3.0 cpe:2.3:a:kajona:kajona:3.3.0:*:*:*:*:*:*:*
kajona kajona 3.3.1 cpe:2.3:a:kajona:kajona:3.3.1:*:*:*:*:*:*:*
kajona kajona 3.4.0 cpe:2.3:a:kajona:kajona:3.4.0:*:*:*:*:*:*:*

References for CVE-2012-3805

cvelogic Threat Intelligence