Cross site scripting

2013-05-2315:55:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter to the edit user page. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
firstlastnameseq1.1.1

CPE	Name	Operator	Version
	firstlastnames	eq	1.1.1

References

secunia.com/advisories/49215

www.henryhoggard.co.uk/security/197

www.securityfocus.com/bid/53637

www.exploit-db.com/exploits/18912