Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6312

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-6312
Last Modified 28 Dec 2012 12:00:00
Published 11 Dec 2012 07:18:37
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6312

Summary

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

Vulnerable Systems

Application

  • Video-lead-form Uk-cookie -


References

MISC - http://wordpress.org/extend/plugins/video-lead-form/changelog/

BUGTRAQ - 20121207 Update on CVE assigned for Video Lead Form Plugin Cross-Site


Last Updated: 27 May 2016 11:01:28