PT-2012-4358 · WordPress · Leaguemanager
Publicado
2012-05-21
·
Atualizado
2017-08-29
·
CVE-2012-2912
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
LeagueManager plugin version 3.7 for WordPress
Description
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the
group parameter in the "show-league" page or the season parameter in the "team" page to wp-admin/admin.php.Recommendations
For LeagueManager plugin version 3.7, consider disabling access to the
wp-admin/admin.php page until a patch is available, or restrict the use of the group and season parameters in the respective pages to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Leaguemanager