4.3
CVE-2012-6622
- EPSS 5.03%
- Veröffentlicht 16.01.2014 21:55:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.
Mögliche Gegenmaßnahme
WP Forum Server: Update to version 1.7.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vasthtml ≫ Forumpress Update- Edition- SwEdition- SwPlatformwordpress Version <= 1.7.4
Vasthtml ≫ Forumpress Version1.0 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.1 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.2 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.3 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.4 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.5 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.5.1 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.5.2 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.2 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.3 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.4 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.5 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.6 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.7 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.8 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.6.9 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.7 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.7.1 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.7.2 Update- Edition- SwEdition- SwPlatformwordpress
Vasthtml ≫ Forumpress Version1.7.3 Update- Edition- SwEdition- SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Forum Server
Version
*-1.7.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.03% | 0.911 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html
http://secunia.com/advisories/49155
http://wordpress.org/extend/plugins/forum-server/changelog/
http://www.securityfocus.com/bid/53530
https://plugins.trac.wordpress.org/changeset/532918
https://www.wordfence.com/threat-intel/vulnerabilities/id/190106bd-05ac-4a8f-b7a5-a042092a5713