Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
References
Link | Resource |
---|---|
http://docs.appthemes.com/classipress/classipress-version-3-1-5/ | Vendor Advisory |
http://secunia.com/advisories/46658 | Vendor Advisory |
http://www.exploit-db.com/exploits/18053 | Exploit |
http://www.osvdb.org/76712 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:15:11
Updated: 2022-10-03T16:15:11
Reserved: 2022-10-03T00:00:00
Link: CVE-2011-5257
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-02-12T20:55:01.870
Modified: 2013-02-13T05:00:00.000
Link: CVE-2011-5257
JSON object: View
Redhat Information
No data.
CWE