CVE-2012-6628

2014-01-1621:55:00

CWE-79

[email protected]

web.nvd.nist.gov

xss

newsletter manager plugin

wordpress

cve-2012-6628

cross-site scripting

security vulnerability

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.

CPENameOperatorVersion
xyzscripts:newsletter_managerxyzscripts newsletter managerle1.0.2
xyzscripts:newsletter_managerxyzscripts newsletter managereq1.0.1
xyzscripts:newsletter_managerxyzscripts newsletter managereq1.0

CPE	Name	Operator	Version
xyzscripts:newsletter_manager	xyzscripts newsletter manager	le	1.0.2
xyzscripts:newsletter_manager	xyzscripts newsletter manager	eq	1.0.1
xyzscripts:newsletter_manager	xyzscripts newsletter manager	eq	1.0