4.3

CVE-2012-4271

Exploit

Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.
Mögliche Gegenmaßnahme
Bad Behavior: Update to one of the following versions, or a newer patched version: 2.0.47, 2.2.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mark JaquithBad Behavior Version <= 2.0.46
Mark JaquithBad Behavior Version2.2.0
Mark JaquithBad Behavior Version2.2.1
Mark JaquithBad Behavior Version2.2.2
Mark JaquithBad Behavior Version2.2.3
Mark JaquithBad Behavior Version2.2.4
WordpressWordpress Version-
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Bad Behavior
Version [*, 2.0.47)
Version [2.2.0, 2.2.5)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.05% 0.787
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html
http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807
Patch
Exploit
http://www.securityfocus.com/bid/53477
https://exchange.xforce.ibmcloud.com/vulnerabilities/75521
https://www.wordfence.com/threat-intel/vulnerabilities/id/e4704495-8342-4846-9242-f1eab4de25d6
Third Party Advisory