CVE-2011-5182 in Lanoba Social pluginالمعلومات

الملخص

بحسب MITRE

** DISPUTED ** Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba s plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user s behalf."

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

19/09/2012

إفشاء

20/09/2012

الاعتدال

تمت الموافقة

إدخال

VDB-62379

CPE

جاهز

CWE

CWE-79 (مؤكد)

استغلال

تحميل

CVSS

4.3 (NVD)

EPSS

0.03604

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider, Lawfirm, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-5182
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-5182
CVE Details	https://www.cvedetails.com/cve/CVE-2011-5182/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!