Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2012-2156

Published: 11/04/2012 Updated: 20/12/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Plume-cms

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.

Vulnerable Product Search on Vulmon Subscribe to Product

plume-cms plume cms 1.2.1

plume-cms plume cms 1.2

plume-cms plume cms 1.1.3

plume-cms plume cms 1.0.6

plume-cms plume cms 1.0.5

plume-cms plume cms

plume-cms plume cms 1.0.4

plume-cms plume cms 1.0.3

plume-cms plume cms 1.2.3

plume-cms plume cms 1.2.2

plume-cms plume cms 1.0.2

Exploits

Exploit DB: Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
+--------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title : PlumeCMS <= 124 Multiple Persistent XSS # Date : 04-04-2012 # Author : Ivano Binetti (wwwivanobinetticom) # Software link : sourceforgenet/projects ...
Exploit DB: PlumeCMS 1.2.4 Cross Site Scripting
PlumeCMS versions 124 and below suffer from multiple persistent cross site scripting vulnerabilities ...

References

CWE-79http://www.webapp-security.com/wp-content/uploads/2012/04/PlumeCMS-1.2.4-Multiple-Permanent-XSS.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/74614http://www.webapp-security.com/2012/04/plumecmshttp://www.securityfocus.com/bid/52890http://www.exploit-db.com/exploits/18699http://osvdb.org/80961http://osvdb.org/80960https://nvd.nist.govhttps://www.exploit-db.com/exploits/18699/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook