Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5325

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-5325
Last Modified 09 Oct 2012 12:00:00
Published 08 Oct 2012 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2012-5325

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.

Vulnerable Systems

Application

  • Cartpauj Shortcode-redirect 1.0.00

  • Cartpauj Shortcode-redirect 1.0.01


References

XF - shortcode-domain-xss(72620)

BID - 51626

MISC - http://packetstormsecurity.org/files/view/108914/wpshortcoderedirect-xss.txt


Last Updated: 27 May 2016 11:00:54