CVE-2012-5325 – Shortcode Redirect <= 1.0.01 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2012-5325

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función scr_do_redirect en scr.php en el complemento Shortcode Redirect v1.0.01 y anteriores para WordPress, permite a usuarios autenticados remotamente con algunos permisos inyectar secuencias de comandos web o HTML a través de los atributos (1) url o (2) sec en una etiqueta redirect. • http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt http://www.securityfocus.com/bid/51626 https://exchange.xforce.ibmcloud.com/vulnerabilities/72620 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •