CVE-2013-4954

Exploit

EPSS 4.92%
Veröffentlicht 29.07.2013 23:27:50
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Pie Register <= 1.30 - Multiple Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action.  NOTE: some of these details are obtained from third party information.

Mögliche Gegenmaßnahme

Pie Register – User Registration, Profiles & Content Restriction: Update to version 1.31, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Pie Register – User Registration, Profiles & Content Restriction

Version *-1.30

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Genetechsolutions ≫ Pie-register Version <= 1.30

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.0.1

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.1

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.2

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.3

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.5

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.6

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.7

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.8

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.9

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.1.9 Updatea

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.0

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.1

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.2

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.3

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.4

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.6

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.7

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.8 Updatebeta

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.9

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.9 Updatea

Wordpress ≫ Wordpress Version-

Genetechsolutions ≫ Pie-register Version1.2.91

Wordpress ≫ Wordpress Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.92%	0.886

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/95160

http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register

Patch

Exploit

http://secunia.com/advisories/54123

Vendor Advisory

http://wordpress.org/plugins/pie-register/changelog/

http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting

http://www.securityfocus.com/bid/61140

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/85604

https://www.wordfence.com/threat-intel/vulnerabilities/id/5b68e26d-1680-42ed-9b8e-23c80c19b1be