Lucene search

PRIOn knowledge basePRION:CVE-2009-4168

HistoryDec 02, 2009 - 6:30 p.m.

Cross site scripting

2009-12-0218:30:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.135 Low

EPSS

Percentile

95.6%

JSON

Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter.

CPENameOperatorVersion
wp-cumulusle1.22
wp-cumuluseq1.00
wp-cumuluseq1.01
wp-cumuluseq1.02
wp-cumuluseq1.2.1
wp-cumuluseq1.03
wp-cumuluseq1.04
wp-cumuluseq1.05
wp-cumuluseq1.10
wp-cumuluseq1.11

Name	Operator	Version
wp-cumulus	le	1.22
wp-cumulus	eq	1.00
wp-cumulus	eq	1.01
wp-cumulus	eq	1.02
wp-cumulus	eq	1.2.1
wp-cumulus	eq	1.03
wp-cumulus	eq	1.04
wp-cumulus	eq	1.05
wp-cumulus	eq	1.10
wp-cumulus	eq	1.11

Rows per page:

1-10 of 191

References

packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txt

secunia.com/advisories/37483

secunia.com/advisories/38161

websecurity.com.ua/3665/

websecurity.com.ua/3789/

websecurity.com.ua/3801/

websecurity.com.ua/3839/

www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue/

www.securityfocus.com/archive/1/508071/100/0/threaded

www.securityfocus.com/archive/1/508606/100/0/threaded

www.securityfocus.com/archive/1/508833/100/0/threaded

www.securityfocus.com/bid/37100

www.securityfocus.com/bid/37479

www.vupen.com/english/advisories/2009/3322

exchange.xforce.ibmcloud.com/vulnerabilities/54397

exchange.xforce.ibmcloud.com/vulnerabilities/55156