Lucene search

K
nvd[email protected]NVD:CVE-2011-5207
HistoryOct 04, 2012 - 5:55 p.m.

CVE-2011-5207

2012-10-0417:55:01
CWE-79
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.

Affected configurations

NVD
Node
thecartpressthecartpressRange1.1.6
OR
thecartpressthecartpressMatch1.0
OR
thecartpressthecartpressMatch1.0.1
OR
thecartpressthecartpressMatch1.0.2
OR
thecartpressthecartpressMatch1.0.3
OR
thecartpressthecartpressMatch1.0.4
OR
thecartpressthecartpressMatch1.0.5
OR
thecartpressthecartpressMatch1.0.6
OR
thecartpressthecartpressMatch1.0.7
OR
thecartpressthecartpressMatch1.0.8
OR
thecartpressthecartpressMatch1.0.9
OR
thecartpressthecartpressMatch1.1.0
OR
thecartpressthecartpressMatch1.1.1
OR
thecartpressthecartpressMatch1.1.2
OR
thecartpressthecartpressMatch1.1.3
OR
thecartpressthecartpressMatch1.1.4
OR
thecartpressthecartpressMatch1.1.5
AND
wordpresswordpressMatch-

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.7%

Related for NVD:CVE-2011-5207