4.3
CVE-2011-5104
- EPSS 0.43%
- Veröffentlicht 23.08.2012 20:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.
Mögliche Gegenmaßnahme
WP eCommerce: Update to version 3.8.7.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP eCommerce
Version
[*, 3.8.7.2)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Getshopped ≫ Wp E-commerce Version <= 3.8.7.1
Getshopped ≫ Wp E-commerce Version3.6.5
Getshopped ≫ Wp E-commerce Version3.6.6
Getshopped ≫ Wp E-commerce Version3.6.7
Getshopped ≫ Wp E-commerce Version3.6.8
Getshopped ≫ Wp E-commerce Version3.6.9
Getshopped ≫ Wp E-commerce Version3.6.10
Getshopped ≫ Wp E-commerce Version3.6.11
Getshopped ≫ Wp E-commerce Version3.6.12
Getshopped ≫ Wp E-commerce Version3.6.13
Getshopped ≫ Wp E-commerce Version3.7
Getshopped ≫ Wp E-commerce Version3.7 Updatebeta2
Getshopped ≫ Wp E-commerce Version3.7 Updatebeta3
Getshopped ≫ Wp E-commerce Version3.7.1
Getshopped ≫ Wp E-commerce Version3.7.2
Getshopped ≫ Wp E-commerce Version3.7.3
Getshopped ≫ Wp E-commerce Version3.7.4
Getshopped ≫ Wp E-commerce Version3.7.5
Getshopped ≫ Wp E-commerce Version3.7.5 Updatebeta1
Getshopped ≫ Wp E-commerce Version3.7.5 Updatebeta2
Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc1
Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc2
Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc3
Getshopped ≫ Wp E-commerce Version3.7.5 Updaterc4
Getshopped ≫ Wp E-commerce Version3.7.5.1
Getshopped ≫ Wp E-commerce Version3.7.5.1 Updatebeta
Getshopped ≫ Wp E-commerce Version3.7.5.2
Getshopped ≫ Wp E-commerce Version3.7.5.3
Getshopped ≫ Wp E-commerce Version3.7.6
Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc1
Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc2
Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc3
Getshopped ≫ Wp E-commerce Version3.7.6 Updaterc4
Getshopped ≫ Wp E-commerce Version3.7.6.1
Getshopped ≫ Wp E-commerce Version3.7.6.2
Getshopped ≫ Wp E-commerce Version3.7.6.3
Getshopped ≫ Wp E-commerce Version3.7.6.4
Getshopped ≫ Wp E-commerce Version3.7.6.5
Getshopped ≫ Wp E-commerce Version3.7.6.6
Getshopped ≫ Wp E-commerce Version3.7.6.7
Getshopped ≫ Wp E-commerce Version3.7.6.9
Getshopped ≫ Wp E-commerce Version3.7.7
Getshopped ≫ Wp E-commerce Version3.7.8
Getshopped ≫ Wp E-commerce Version3.7.8.1
Getshopped ≫ Wp E-commerce Version3.7.8.2
Getshopped ≫ Wp E-commerce Version3.7.8.3
Getshopped ≫ Wp E-commerce Version3.8
Getshopped ≫ Wp E-commerce Version3.8 Updatebeta1
Getshopped ≫ Wp E-commerce Version3.8 Updatebeta2
Getshopped ≫ Wp E-commerce Version3.8 Updatebeta3
Getshopped ≫ Wp E-commerce Version3.8 Updaterc1
Getshopped ≫ Wp E-commerce Version3.8 Updaterc2
Getshopped ≫ Wp E-commerce Version3.8 Updaterc3
Getshopped ≫ Wp E-commerce Version3.8 Updaterc4
Getshopped ≫ Wp E-commerce Version3.8.1
Getshopped ≫ Wp E-commerce Version3.8.2
Getshopped ≫ Wp E-commerce Version3.8.3
Getshopped ≫ Wp E-commerce Version3.8.4
Getshopped ≫ Wp E-commerce Version3.8.5
Getshopped ≫ Wp E-commerce Version3.8.6
Getshopped ≫ Wp E-commerce Version3.8.6.1
Getshopped ≫ Wp E-commerce Version3.8.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.597 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.