CVE-2011-4618 – Advanced Text Widget <= 2.0.1 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2011-4618

Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. Vulnerabilidad Cross-site scripting (XSS) en advancedtext.php en el plugin Advanced Text Widget anterior a v2.0.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "page". • https://www.exploit-db.com/exploits/36324 http://archives.neohapsis.com/archives/bugtraq/2012-04/0119.html http://plugins.trac.wordpress.org/changeset?reponame=&new=466102%40advanced-text-widget&old=465828%40advanced-text-widget http://wordpress.org/extend/plugins/advanced-text-widget/changelog http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities http://www.openwall.com/lists/oss-security/2011/12/19/6 http://www.securityfocus.com/archive/1/520589 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •