Published: 08/07/2013 Updated: 08/07/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload prior to 1.5.5, as used in WordPress prior to 3.5.1 and other products, allows remote malicious users to inject arbitrary web script or HTML via the id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 3.3.3
wordpress wordpress 3.3.2
wordpress wordpress 2.5.1
wordpress wordpress 2.0.11
wordpress wordpress 2.6.2
wordpress wordpress 2.6.1
wordpress wordpress 2.6
wordpress wordpress 2.3.1
wordpress wordpress 2.0
wordpress wordpress 2.7
wordpress wordpress 2.9
wordpress wordpress 2.9.1
wordpress wordpress 2.6.5
wordpress wordpress 1.6.2
wordpress wordpress 1.5.2
wordpress wordpress 1.5
wordpress wordpress 1.5.1
wordpress wordpress 1.3
wordpress wordpress 1.3.2
wordpress wordpress 0.71
moxiecode plupload
wordpress wordpress
wordpress wordpress 3.4.2
wordpress wordpress 2.8
wordpress wordpress 2.0.9
wordpress wordpress 2.2
wordpress wordpress 2.2.1
wordpress wordpress 2.0.2
wordpress wordpress 2.0.4
wordpress wordpress 2.0.5
wordpress wordpress 2.0.6
wordpress wordpress 2.0.7
wordpress wordpress 2.9.1.1
wordpress wordpress 2.8.5.1
wordpress wordpress 2.8.1
wordpress wordpress 2.8.5.2
wordpress wordpress 1.0
wordpress wordpress 1.0.1
wordpress wordpress 1.2.5
moxiecode plupload 1.4.3
moxiecode plupload 1.4.2
moxiecode plupload 1.4.1
moxiecode plupload 1.4.0
wordpress wordpress 3.4.0
wordpress wordpress 3.3.1
wordpress wordpress 2.2.3
wordpress wordpress 2.0.8
wordpress wordpress 2.3.3
wordpress wordpress 2.6.3
wordpress wordpress 2.3.2
wordpress wordpress 2.0.10
wordpress wordpress 2.1.1
wordpress wordpress 2.9.2
wordpress wordpress 2.5
wordpress wordpress 2.7.1
wordpress wordpress 2.8.2
wordpress wordpress 1.5.1.2
wordpress wordpress 1.2.2
wordpress wordpress 1.2
wordpress wordpress 1.2.3
wordpress wordpress 1.1.1
moxiecode plupload 1.5.2
moxiecode plupload 1.5.0
wordpress wordpress 3.4.1
wordpress wordpress 3.3
wordpress wordpress 2.1.3
wordpress wordpress 2.3
wordpress wordpress 2.8.6
wordpress wordpress 2.8.4
wordpress wordpress 2.2.2
wordpress wordpress 2.0.1
wordpress wordpress 2.1
wordpress wordpress 2.1.2
wordpress wordpress 2.8.3
wordpress wordpress 2.8.5
wordpress wordpress 1.5.1.1
wordpress wordpress 1.5.1.3
wordpress wordpress 1.2.1
wordpress wordpress 1.0.2
wordpress wordpress 1.2.4
wordpress wordpress 1.3.3
moxiecode plupload 1.5.3
moxiecode plupload 1.5.1
fedoraproject fedora 16
fedoraproject fedora 18
fedoraproject fedora 17

Debian Bug report logs - #698929 wordpress: CVE-2013-0237: XSS in the external library Plupload fixed in 351 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Fri, 25 Jan 2013 09: ...

CWE-79 https://bugzilla.redhat.com/show_bug.cgi?id=904122 http://wordpress.org/news/2013/01/wordpress-3-5-1/https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5 http://codex.wordpress.org/Version_3.5.1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698929 https://nvd.nist.gov

Get Started

CVE-2013-0237

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect