Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 11/12/2012 Updated: 28/12/2012

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote malicious users to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
video-lead-form uk-cookie -

source: wwwsecurityfocuscom/bid/56737/info The Video Lead Form plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site Th ...

CWE-79 http://wordpress.org/extend/plugins/video-lead-form/changelog/http://archives.neohapsis.com/archives/bugtraq/2012-12/0060.html https://nvd.nist.gov https://www.exploit-db.com/exploits/38066/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-6312

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect