Published: 16/01/2014 Updated: 08/12/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin prior to 1.7.4 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vasthtml forumpress 1.0
vasthtml forumpress 1.1
vasthtml forumpress 1.6
vasthtml forumpress 1.6.2
vasthtml forumpress 1.6.3
vasthtml forumpress 1.7
vasthtml forumpress 1.7.1
vasthtml forumpress 1.4
vasthtml forumpress 1.5
vasthtml forumpress 1.6.6
vasthtml forumpress 1.6.7
vasthtml forumpress
vasthtml forumpress 1.2
vasthtml forumpress 1.3
vasthtml forumpress 1.6.4
vasthtml forumpress 1.6.5
vasthtml forumpress 1.7.2
vasthtml forumpress 1.7.3
vasthtml forumpress 1.5.1
vasthtml forumpress 1.5.2
vasthtml forumpress 1.6.8
vasthtml forumpress 1.6.9

source: wwwsecurityfocuscom/bid/53530/info WP Forum Server plugin for WordPress is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credential ...

CWE-79 https://plugins.trac.wordpress.org/changeset/532918 http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html http://wordpress.org/extend/plugins/forum-server/changelog/http://secunia.com/advisories/49155 http://www.securityfocus.com/bid/53530 https://nvd.nist.gov https://www.exploit-db.com/exploits/37195/

CVE-2012-6622

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect