CVE-2015-9439 – AddThis Sharing Buttons <= 5.0.12 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9439
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
• http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html
• https://wordpress.org/plugins/addthis/#developers
• https://wpvulndb.com/vulnerabilities/8246
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1536
https://notcve.org/view.php?id=CVE-2010-1536
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors.
• http://drupal.org/node/731568
• http://drupal.org/node/731576
• http://drupal.org/node/731578
• http://secunia.com/advisories/38818
• http://www.securityfocus.com/bid/38513
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')