Lucene search
Aditya BalapurePATCHSTACK:9B663786402EEEF2A8F8853E8E6D4795HistoryNov 29, 2012 - 12:00 a.m.
WordPress Video Lead Form Plugin - Cross Site Scripting
2012-11-2900:00:00
Aditya Balapure
patchstack.com
10
EPSS
0.002
Percentile
57.1%
WordPress Video Lead Form plugin’s “errMsg” parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible.
Solution
Update the plugin.
References
Related
cvelist
cvelist
CVE-2012-6312
2022-10-03 16:15:27
wpvulndb
wpvulndb
Video Lead Form - "errMsg" Cross-Site Scripting
2014-08-01 10:58:55
securityvulns
securityvulns
Update on CVE assigned for Video Lead Form Plugin Cross-Site
2012-12-10 00:00:00
cve
cve
CVE-2012-6312
2022-10-03 16:15:27
prion
prion
Cross site scripting
2012-12-11 12:18:00
packetstorm
packetstorm
WordPress Video Lead Form 0.5 Cross Site Scripting
2012-11-30 00:00:00
nvd
nvd
CVE-2012-6312
2012-12-11 12:18:37