PT-2013-2009 · Vanilla Forums · Vanilla Forums Latestcomment Plugin

Henry Hoggard

Publicado

2013-05-23

Atualizado

2021-11-09

CVE-2012-6555

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Vanilla Forums LatestComment plugin version 1.1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the discussion title. This could potentially lead to unauthorized actions on the affected forum.

Recommendations For Vanilla Forums LatestComment plugin version 1.1, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the discussion title feature to minimize the risk of XSS attacks.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2012-6555

Produtos afetados

Vanilla Forums Latestcomment Plugin

PT-2013-2009 · Vanilla Forums · Vanilla Forums Latestcomment Plugin

CVE-2012-6555

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6