Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5106

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-5106
Last Modified 24 Aug 2012 12:00:00
Published 23 Aug 2012 04:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5106

Summary

Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Vulnerable Systems

Application

  • Fractalia Flexible Custom Post Type 0.1

  • Fractalia Flexible Custom Post Type 0.1.3

  • Fractalia Flexible Custom Post Type 0.1.4

  • Fractalia Flexible Custom Post Type 0.1.5


References

XF - flexiblecustomposttype-editpost-xss(71415)

BID - 50719

BUGTRAQ - 20111116 wordpress Flexible Custom Post Type plugin Xss Vulnerabilities

CONFIRM - http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/

CONFIRM - http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type


Last Updated: 27 May 2016 10:58:24