6.1

CVE-2012-10007

madgicweb BuddyStream Plugin ShareBox.php cross site scripting

BuddyStream <= 3.6.2 - Reflected Cross-Site Scripting

A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The patch is named 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.
Mögliche Gegenmaßnahme
BuddyStream: Update to version 3.6.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Buddystream ProjectBuddystream Version < 3.2.8
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt BuddyStream
Version *-3.6.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.42
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cna@vuldb.com 3.5 2.1 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cna@vuldb.com 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/madgicweb/buddystream/commit/7d5b9a89a27711aad76fd55ab4cc4185b545a1d0
Patch
https://github.com/madgicweb/buddystream/releases/tag/3.2.8
Release Notes
https://vuldb.com/?ctiid.221479
Third Party Advisory
Permissions Required
https://vuldb.com/?id.221479
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/e947abb8-be40-4090-80a6-5255692ef693
Third Party Advisory