86 matches found
CVE-2013-3487
BulletProof Security WordPress plugin (Security Log): multiple XSS in the security log via HTML header fields to 400.php/403.php in versions before 0.49. Root cause appears to be improper input handling. Remediation: update to a fixed release (0.49 or newer) per PatchStack and related advisories;...
WordPress BulletProof Security Plugin <= 0.48.9 - Multiple XSS
Because of these vulnerabilities in the security log, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...
CVE-2012-4268
Cross-site scripting XSS vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTPACCEPTENCODING header...
Cross site scripting
Cross-site scripting XSS vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTPACCEPTENCODING header...
CVE-2012-4268
Cross-site scripting XSS vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTPACCEPTENCODING header...
CVE-2012-4268
CVE-2012-4268 describes a cross-site scripting (XSS) vulnerability in the BulletProof Security WordPress plugin. The flaw resides in bulletproof-security/admin/options.php and affects versions before .47.1, allowing remote attackers to inject arbitrary script/HTML via the HTTP_ACCEPT_ENCODING hea...