CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 2CVE-2011-5179 – Skysa App Bar Integration < 1.04 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5179
Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en skysa-official/skysa.php en el plugin Skysa App Bar Integration, posiblemente anteriores a v1.04, para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro submit. • https://www.exploit-db.com/exploits/36363 http://www.securityfocus.com/archive/1/520662/100/0/threaded http://www.securityfocus.com/bid/50824 https://exchange.xforce.ibmcloud.com/vulnerabilities/71486 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2011-5265 – Featurific For WordPress <= 1.6.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5265
Cross-site scripting (XSS) vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. NOTE: this has been disputed by a third party. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cached_image.php en el plugin Featurific For WordPress v1.6.2 para WordPress permite a atacantes remotos insertar secuencias de comandos web arbitrarias o código HTML a través del parámetro "snum". NOTA: esta vulnerabilidad está siendo discutida por terceros. • https://www.exploit-db.com/exploits/36339 http://archives.neohapsis.com/archives/bugtraq/2012-04/0120.html http://osvdb.org/77337 http://www.securityfocus.com/archive/1/520625/100/0/threaded http://www.securityfocus.com/bid/50779 https://exchange.xforce.ibmcloud.com/vulnerabilities/71468 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2011-5181 – Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5181
Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en clickdesk.php en el plugin ClickDesk Live Support - Live Chat 2.0 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro cdwidgetid. NOTA: algunos detalles se han obtenido de información de terceros. Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. • https://www.exploit-db.com/exploits/36338 http://osvdb.org/77338 http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog http://www.securityfocus.com/archive/1/520624/100/0/threaded http://www.securityfocus.com/bid/50778 https://exchange.xforce.ibmcloud.com/vulnerabilities/71469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2011-5107 – Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5107
Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en post_alert.php en el plugin Alert Before Your Post, posiblemente v0.1.1 y anteriores, para Wordpress que permite a atacantes remotos inyectar código web o HTML arbitrario a través del nombre de un parámetro. • https://www.exploit-db.com/exploits/36323 http://www.securityfocus.com/archive/1/520590/100/0/threaded http://www.securityfocus.com/bid/50743 https://exchange.xforce.ibmcloud.com/vulnerabilities/71413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 63EXPL: 1CVE-2011-5104 – WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-5104
Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en wpsc-admin/display-sales-logs.php en el plugin para Wordpress e-Commerce v3.8.7.1 y posiblemente anteriores que permite a atacantes remotos inyectar código web o HTML arbitrario a través del parámetro custom_text. NOTA: algunos de estos detalles son obtenidos de información de terceras partes. • http://osvdb.org/77249 http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce http://secunia.com/advisories/46957 http://wordpress.org/extend/plugins/wp-e-commerce/changelog http://www.securityfocus.com/bid/50757 https://exchange.xforce.ibmcloud.com/vulnerabilities/71443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •