CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2011-4562 – Redirection <= 2.2.9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4562
Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. Multiples vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en (1) view/admin/log_item.php y (2) view/admin/log_item_details.php en el componente Redirection para WordPress v2.2.9 permiten a atacantes remotos inyectar HTML o secuencias de comandos web a través de la cabecera HTTP Referer en una solicitud a una entrada que no existe. • http://dotxed.net/2011/websicherheit/lazy-xss-wenn-statistiken-und-loggs-zur-gefahr-werden.html http://osvdb.org/76092 http://packetstormsecurity.org/files/view/105573/wpredirection229-xss.txt http://plugins.trac.wordpress.org/changeset?reponame=&new=447262%40redirection&old=421721%40redirection http://secunia.com/advisories/46310 http://wordpress.org/extend/plugins/redirection/changelog http://www.securityfocus.com/bid/49985 https://exchange.xforce.ibmcloud.com/vulnerabilities/70373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-0837 – Search Unleashed <= 0.2.10 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0837
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Plugin John Godley Search Unleashed 0.2.10 para WordPress, que permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través del parámetro "s", que no se encuentra manejado adecuadamente cuando el administrador revisa el fichero de logs. • http://secunia.com/advisories/28968 http://securityreason.com/securityalert/3674 http://urbangiraffe.com/tracker/issues/show/60 http://www.securityfocus.com/archive/1/488109/100/0/threaded http://www.securityfocus.com/bid/27791 https://exchange.xforce.ibmcloud.com/vulnerabilities/40513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •