CVE-2011-4926 – Adminimize <= 1.7.21 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4926
Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS)en adminimize/adminimize_page.php en el plugin anterior a v1.7.22 para WordPress permite a atacantes remotos inyectar código web o HTML a través del parámetro page. • https://www.exploit-db.com/exploits/36325 http://plugins.trac.wordpress.org/changeset?reponame=&new=467338%40adminimize&old=466900%40adminimize#file5 http://wordpress.org/extend/plugins/adminimize/changelog http://www.openwall.com/lists/oss-security/2012/01/05/10 http://www.openwall.com/lists/oss-security/2012/01/10/9 http://www.osvdb.org/77472 http://www.securityfocus.com/archive/1/520591 http://www.securityfocus.com/archive/1/520591/100/0/threaded http://www.securityfocus • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-5128 – Adminimize < 1.7.22 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5128
Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS)en el plugin anterior a v1.7.22 para WordPress permite a atacantes remotos inyectar script web o HTML a través del parámetro 'page' a (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, o (3) inc-options/im_export_options.php, o el(4) post o (5) parámetro post_ID a adminimize.php, vectores diferentes que CVE-2011-4926. • http://plugins.trac.wordpress.org/changeset?reponame=&new=467338%40adminimize&old=466900%40adminimize#file5 http://wordpress.org/extend/plugins/adminimize/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •