CVE-2011-4618
5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.019 Low
EPSS
Percentile
88.6%
Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| simplerealtytheme:advanced_text_widget_plugin | simplerealtytheme advanced text widget plugin | le | 2.0.1 |
References
archives.neohapsis.com/archives/bugtraq/2012-04/0119.html
plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget
wordpress.org/extend/plugins/advanced-text-widget/changelog/
wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities
www.openwall.com/lists/oss-security/2011/12/19/6
www.securityfocus.com/archive/1/520589
www.securityfocus.com/bid/50744
exchange.xforce.ibmcloud.com/vulnerabilities/71412
Related
5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.019 Low
EPSS
Percentile
88.6%