Lucene search

[email protected]CVE-2012-5349

HistoryOct 09, 2012 - 3:55 p.m.

CVE-2012-5349

2012-10-0915:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve

2012

5349

cross-site scripting

xss

pay with tweet

plugin

vulnerability

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.

Affected configurations

NVD

Node

wordpresspay-with-tweetRange≤1.1

AND

wordpresswordpressMatch-

CPENameOperatorVersion
wordpress:pay-with-tweetwordpress pay-with-tweetle1.1

CPE	Name	Operator	Version
wordpress:pay-with-tweet	wordpress pay-with-tweet	le	1.1

References

secunia.com/advisories/47475

wordpress.org/extend/plugins/pay-with-tweet/changelog/

www.exploit-db.com/exploits/18330

www.osvdb.org/78205

www.securityfocus.com/bid/51308

exchange.xforce.ibmcloud.com/vulnerabilities/72166

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

JSON

Related for CVE-2012-5349

cvelist1 patchstack1 prion1 nvd1