Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5264

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-5264
Last Modified 13 Feb 2013 12:00:00
Published 12 Feb 2013 03:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5264

Summary

Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the Lazyest Backup plugin before 0.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xml_or_all parameter.

Vulnerable Systems

Application

  • Marcel Brinkkemper Lazyest-backup 0.1.0

  • Marcel Brinkkemper Lazyest-backup 0.2.0

  • Marcel Brinkkemper Lazyest-backup 0.2.1


References

XF - lazyestbackup-xmlorall-xss(71650)

BID - 50900

OSVDB - 77493

CONFIRM - http://wordpress.org/extend/plugins/lazyest-backup/changelog/

SECUNIA - 47092

CONFIRM - http://plugins.trac.wordpress.org/changeset?reponame=&new=470737%40lazyest-backup&old=468541%40lazyest-backup


Last Updated: 27 May 2016 10:58:33