8 matches found
CVE-2011-3859
Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...
CVE-2011-3859
Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...
CVE-2011-3859
Cross-site scripting XSS vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...
CVE-2011-3859
CVE-2011-3859 concerns the WordPress Trending theme prior to version 0.2, where the cpage parameter is susceptible to cross-site scripting (XSS). Exploitation could allow remote attackers to inject arbitrary script or HTML in the context of the affected site. Several connected sources corroborate...
PT-2011-4735 · WordPress · Trending Theme
Name of the Vulnerable Software and Affected Versions: Trending theme for WordPress versions prior to 0.2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cpage parameter, which can lead to cross-site scripting XSS attacks. Recommendations: For version...
WordPress Trending Theme 0.1 - Cross-Site Scripting
WordPress Trending theme's "cpage" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...
WordPress Theme Trending 0.1 - 'cpage' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49896/info The Trending theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...