4.3

CVE-2013-0734

Mingle Forum <= 1.0.33.3 - Stored Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.
Mögliche Gegenmaßnahme
Mingle Forum: Update to version 1.0.34, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Mingle Forum
Version *-1.0.33.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CartpaujMingle-forum Version <= 1.0.33
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.00
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.01
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.02
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.03
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.04
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.05
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.06
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.07
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.08
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.09
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.10
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.11
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.12
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.13
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.14
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.15
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.16
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.17
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.18
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.19
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.20
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.21
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.21.1
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.22
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.23
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.23.1
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.23.2
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.24
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.25
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.26
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.27
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.28
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.28.1
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.28.2
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.29
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.30
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.31
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.31.1
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.31.2
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.31.3
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.31.4
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.32
   WordpressWordpress Version-
CartpaujMingle-forum Version1.0.32.1
   WordpressWordpress Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.597
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.