patchstack | Chris Cooper | PATCHSTACK:F0C3C7B93F17C3076C0874E4D8A8E2FA
History: Aug 30, 2012 - 12:00 a.m.

WordPress Download Monitor Plugin - Cross Site Scripting

2012-08-30 00:00:00
Chris Cooper
patchstack.com

CVSS2: 4.3 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The WordPress Download Monitor plugin’s “dlsearch” parameter is prone to a cross-site scripting vulnerability because the plugin fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible.

Solution

Update the plugin.

CPE

Name              Operator  Version
download monitor  le        3.3.5.7
