CVE

CVE-2012-1834
Date: (C)2014-04-11   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-48510
BID-52708
OSVDB-80573
http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view
http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/
https://www.htbridge.com/advisory/HTB23083
wordpress-cmstree-edit-xss(74337)

CPE    55
cpe:/a:cms_tree_page_view_project:cms_tree_page_view:0.7.18::~~~wordpress~~
cpe:/a:cms_tree_page_view_project:cms_tree_page_view:0.5.1::~~~wordpress~~
cpe:/a:cms_tree_page_view_project:cms_tree_page_view:0.5.4::~~~wordpress~~
cpe:/a:cms_tree_page_view_project:cms_tree_page_view:0.1::~~~wordpress~~
...
CWE    1
CWE-79

© SecPod Technologies