{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "48510", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48510"}, {"name": "80573", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/80573"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23083"}, {"name": "wordpress-cmstree-edit-xss(74337)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337"}, {"name": "52708", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52708"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1834", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "48510", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48510"}, {"name": "80573", "refsource": "OSVDB", "url": "http://www.osvdb.org/80573"}, {"name": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/", "refsource": "CONFIRM", "url": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/"}, {"name": "https://www.htbridge.com/advisory/HTB23083", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23083"}, {"name": "wordpress-cmstree-edit-xss(74337)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337"}, {"name": "52708", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52708"}, {"name": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1834", "datePublished": "2014-04-07T15:00:00", "dateReserved": "2012-03-21T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "231B1684-B5E2-4366-B961-063D23F6E3A4", "versionEndIncluding": "0.8.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "413069BD-21C2-40F5-960B-130FFC9EE947", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.1a:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2D1553E5-3EA6-4552-82C2-D4662462AB25", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "333F8D91-06FC-42EF-A7A2-68226C6A5B09", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F9713986-D854-4D0E-80FF-5E7B890E6BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "50C1ED83-E591-419B-AF2F-AF8DFAB756E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4D3E53F0-3059-4F3C-A8F2-0632AE908817", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3C2EEE37-1D45-444E-B02C-91C854EEF513", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "698C0E0A-8CC3-4523-977B-7CB46CE6C057", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4AC7AA05-71FA-4EB1-B9ED-80209B8EDD08", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "77A111EC-6E43-4E5D-BCF3-349359B0429A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "655C0829-3FDC-4AFB-93FB-8E2AE91F51EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C9D2AF0D-7CF7-4385-AF28-6AECB028246B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "113DCD65-F7D4-4D82-94C5-262171DDAE30", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.4.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F474DDF8-4121-4370-B63C-A15931DD613F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "74ED46BD-24A8-4A1E-B69A-21DD93DE9F8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EBF924E5-ACA2-49F2-A5F1-36A9219285C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "66DDBA63-9718-4891-8A6E-4F77366A571F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8F51AF88-474E-4D16-916F-CF495F1E055E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B50B32BE-8FF8-4CD2-BDEF-7A796A563D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5354911A-9C4F-4037-B611-8DE0F7AA4109", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9552B085-2C3E-4295-9014-14C818D185F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.5.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4470BB00-681E-4B7D-A9B4-D33E9882372A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D1EC6050-115C-48BF-BEB7-35B596916854", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "262CE0D5-A74E-46D4-9C33-FAD77CA9EDAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C731DADF-5E43-47B4-BA79-F6617BB892F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.6.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "85812DD4-7CEE-466C-A3B3-5BFBE4683DC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7AE76495-A7E2-4191-8588-9A58164F9016", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D5B21BCF-D184-4915-9D77-94A1F94F4B7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4340724C-5050-449A-AD0A-D1552F460620", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "32D7F845-B24C-4BFE-A27B-5BDFD1BF49ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "177C4352-3B64-4DF3-999E-FEADCEA66E3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "730A2CC9-4AAA-4AE0-908E-79AB0E5B8671", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3D9AB355-D639-4853-AA5C-B1297141A609", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7572AB9C-B00A-42AD-A890-3157A53F470D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "036538F8-D1E8-4B80-B4B8-0119F659D37B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8709D5C2-5999-4516-9BAF-F9A6F5F1E75B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9B684B0C-6A96-4D8D-906E-5FC0BE83D746", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "06D2F0E8-CD0E-4202-B57B-B724A043C9E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "212D4174-6A22-4E64-B6BB-E819E2E4F973", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.13:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CBC6D453-6025-4FD3-B6D2-A5FF4668F5DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.14:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C7243CA2-A67D-4D62-ADBD-09B8CBAAD353", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.15:*:*:*:*:wordpress:*:*", "matchCriteriaId": "15BF2206-C356-4D81-9CA5-11AE604111AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.16:*:*:*:*:wordpress:*:*", "matchCriteriaId": "EBBEEB6E-FE56-440E-BBAA-9ECEE2678BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.17:*:*:*:*:wordpress:*:*", "matchCriteriaId": "11D75FC4-8AAF-4C63-96AE-883FDA3D22EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.18:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B44B7646-9BD0-40CA-9C82-7F9BA363F045", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.19:*:*:*:*:wordpress:*:*", "matchCriteriaId": "312A1044-7EC5-4FA9-9026-5CEF328EECAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.7.20:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7D6612AD-12DE-4888-878F-C29B46AC9E79", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "88291848-420B-47A4-8B3B-9A0DBFB8EDEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6EC991D6-E241-4B9E-8102-13579DC58BDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1C528946-A2C2-40A4-9249-8641AEF37E16", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F012B06C-6E5E-42B2-80FC-C4AA2D9B4838", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E4A57510-F5C8-4E62-B731-F644D289C2CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C63DEA64-2E8F-43B7-9C44-A645D6CF2099", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7C03AB33-96FA-4586-97DE-0A11A09AACBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cms_tree_page_view_project:cms_tree_page_view:0.8.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BC6468DE-B43D-4943-B2B7-507B90669D78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la funci\u00f3n cms_tpv_admin_head en functions.php en el plugin CMS Tree Page View anterior a 0.8.9 para WordPress permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro cms_tpv_view hacia wp-admin/options-general.php."}], "id": "CVE-2012-1834", "lastModified": "2017-08-29T01:31:25.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-04-07T15:55:03.860", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/48510"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/80573"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/52708"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23083"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}