CVE-2013-6993 – Ad-minister <= 0.6 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2013-6993

Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php. Vulnerabilidad de cross-site scripting (XSS) en el plugin Ad-minister 0.6 y anteriores para WordPress permite a atacantes remotos inyectar scripts web o HTML arbitrarios a través del parámetro key en una acción delete en wp-admin/tools.php. The Ad-minister plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.6 via the key parameter in a delete action to wp-admin/tools.php due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. WordPress Ad-minister plugin version 0.6 suffers from a cross site scripting vulnerability. • http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss http://www.securityfocus.com/archive/1/530540/100/0/threaded https://www.htbridge.com/advisory/HTB23187 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •