CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 1CVE-2012-4272 – 2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4272
Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest". Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el plugin '2 Click Social Media Buttons' antes de v0.34 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados relacionados con el "tratamiento de los botones de Xing y Pinterest". • http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798 http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 2CVE-2012-4273 – 2 Click Social Media Buttons < 0.34 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4273
Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en libs/xing.php en el plugin '2 Click Social Media Buttons' antes de v0.34 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro xing-url. • http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798 http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/75518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •