4.3
CVE-2013-3263
- EPSS 0.27%
- Veröffentlicht 05.11.2013 20:55:28
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
LoginWP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4) campaignformat, or (5) emailtemplate parameter to campaign/campaigntwo.php; the (6) listid parameter to list/edit.php; the (7) campaignid or (8) siteurl parameter to campaign/editcampaign.php; the (9) campaignid parameter to campaign/selectlistb4send.php; the (10) campaignid, (11) campaignname, (12) campaignsubject, or (13) selectedcampaigns parameter to campaign/sendCampaign.php; or the (14) campaignid, (15) campaignname, (16) campaignformat, or (17) action parameter to campaign/updatecampaign.php.
Mögliche Gegenmaßnahme
WP Ultimate Email Marketer: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Ultimate Email Marketer
Version
*-1.2.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Update- SwPlatformwordpress Version <= 1.1.0
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.0 Update- SwPlatformwordpress
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.1 Update- SwPlatformwordpress
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.2 Update- SwPlatformwordpress
Smackcoders ≫ Wp Ultimate Email Marketer Plugin Version1.0.3 Update- SwPlatformwordpress
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.476 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.