Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5388

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-5388
Last Modified 19 Aug 2013 11:18:18
Published 24 Oct 2012 01:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-5388

Summary

Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.

Vulnerable Systems

Application

  • Videousermanuals White-label-cms 1.5


References

MISC - http://wordpress.org/extend/plugins/white-label-cms/changelog/

EXPLOIT-DB - 22156

BID - 56166

XF - wp-whitelabelcms-admin-xss(79522)

MISC - http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html


Last Updated: 27 May 2016 10:51:48