CVE-2013-6342 – Tweet Blender <= 4.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-6342
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php. Vulnerabilidad de XSS en el plugin Tweet Blender anterior a la versión 4.0.2 para WordPress permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro tb_tab_index a wp-admin/options-general.php. WordPress Tweet Blender plugin version 4.0.1 suffers from a cross site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0072.html http://secunia.com/advisories/55780 http://wordpress.org/plugins/tweet-blender/changelog https://www.htbridge.com/advisory/HTB23180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •