Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.
References
Link | Resource |
---|---|
http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-Cross-Site-Scripting.html | Exploit |
http://secunia.com/advisories/49183 | Vendor Advisory |
https://plugins.trac.wordpress.org/changeset/533904 | Exploit Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:15:28
Updated: 2022-10-03T16:15:28
Reserved: 2022-10-03T00:00:00
Link: CVE-2012-6628
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-01-16T21:55:44.787
Modified: 2014-01-17T18:50:42.190
Link: CVE-2012-6628
JSON object: View
Redhat Information
No data.
CWE