CVE-2012-5349

2012-10-0915:00:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.

References

secunia.com/advisories/47475

wordpress.org/extend/plugins/pay-with-tweet/changelog/

www.exploit-db.com/exploits/18330

www.osvdb.org/78205

www.securityfocus.com/bid/51308

exchange.xforce.ibmcloud.com/vulnerabilities/72166