CVE-2013-2501 – Terillion Reviews < 1.2 - Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-2501

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el plugin Terillion Reviews antes de v1.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo ProfileID. • https://www.exploit-db.com/exploits/38373 http://archives.neohapsis.com/archives/bugtraq/2013-03/0055.html http://osvdb.org/91123 http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews http://wordpress.org/extend/plugins/terillion-reviews/changelog http://www.securityfocus.com/bid/58415 https://exchange.xforce.ibmcloud.com/vulnerabilities/82727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •