CVE-2012-4932

Name: CVE-2012-4932
Creator: NVD / NIST
Published: 2012-12-28T11:48:44.627+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.32%

Last modified Jun 16, 2026

CVE-2012-4932 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action.. EPSS estimates a 1.32% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action.

Metrics

EPSS Probability

1.32%

67.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Simple Invoices	Simple Invoices	<= 2011.1
Simple Invoices	Simple Invoices	2006-12-11
Simple Invoices	Simple Invoices	2007-01-25
Simple Invoices	Simple Invoices	2007-02-02
Simple Invoices	Simple Invoices	2007-05-25

References

Timeline

Published: Dec 28, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-4932?

How severe is CVE-2012-4932?

Severity scoring for CVE-2012-4932 is pending analysis. The EPSS model estimates a 1.32% probability of exploitation in the next 30 days.

How do I fix CVE-2012-4932?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-4932?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST