CVSS: 6.1EPSS: 16%CPEs: 20EXPL: 3CVE-2009-4168 – WP-Cumulus <= 1.22 - Cross-Site Scripting via tagcloud
https://notcve.org/view.php?id=CVE-2009-4168
Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action. Cross-site scripting (XSS) vulnerability in tagcloud.swf in the WP-Cumulus Plug-in before 1.23 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tagcloud parameter. Vulnerabilidad de tipo cross-site scripting (XSS) en el archivo tagcloud.swf, tal como es usado en el plugin WP-Cumulus de Roy Tanck anterior a versión 1.23 para WordPress y la versión 2.0 y anterior del módulo Joomulus para Joomla!, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro tagcloud en una acción tags. • https://www.exploit-db.com/exploits/33371 http://packetstormsecurity.org/1001-exploits/joomlajvclouds-xss.txt http://secunia.com/advisories/37483 http://secunia.com/advisories/38161 http://websecurity.com.ua/3665 http://websecurity.com.ua/3789 http://websecurity.com.ua/3801 http://websecurity.com.ua/3839 http://www.roytanck.com/2009/11/15/wp-cumulus-updated-to-address-yet-another-security-issue http://www.securityfocus.com/archive/1/508071/100/0/threaded http://www.securi • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0CVE-2009-4169 – WP Cumulus < 1.22 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4169
Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en wp-cumulus.php del WP-Cumulus Plug-in anterior a v1.22 para WordPress, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de vectores no especificados. • http://www.roytanck.com/2009/09/27/wp-cumulus-1-22-fixes-a-security-hole-please-upgrade http://www.securityfocus.com/bid/37102 http://www.vupen.com/english/advisories/2009/3322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •