Lucene search
Pietro OlivaPATCHSTACK:0F667A81783AB600CD2E862D34A072D7HistoryFeb 07, 2014 - 12:00 a.m.
WordPress BuddyPress Plugin <= 1.9.1 - XSS
2014-02-0700:00:00
Pietro Oliva
patchstack.com
6
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Because of this vulnerability, authenticated users can inject arbitrary web script or HTML via the name field to groups/create/step/group-details.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| buddypress | le | 1.9.1 |
Related
securityvulns
securityvulns
Wordpress plugin Buddypress <= 1.9.1 stored xss vulnerability
2014-05-05 00:00:00
packetstorm
packetstorm
WordPress Buddypress 1.9.1 Cross Site Scripting
2014-02-14 00:00:00
wpvulndb
wpvulndb
Buddypress <= 1.9.1 - Stored Cross-Site Scripting (XSS)
2014-08-01 10:58:44
zdt
zdt
WordPress Buddypress 1.9.1 Cross Site Scripting Vulnerability
2014-02-15 00:00:00
seebug
seebug
Wordpress Buddypress插件'name'字段HTML注入漏洞
2014-02-18 00:00:00
prion
prion
Cross site scripting
2014-03-01 00:01:00
cve
cve
CVE-2014-1888
2014-03-01 00:01:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related for PATCHSTACK:0F667A81783AB600CD2E862D34A072D7