Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2013-1409
Last Modified: 04 Mar 2014 11:11:30
Published: 03 Mar 2014 11:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-1409

Summary

Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.

Vulnerable Systems

Application

  • Commentluv 2.7

  • Commentluv 2.71

  • Commentluv 2.74

  • Commentluv 2.76

  • Commentluv 2.761

  • Commentluv 2.762

  • Commentluv 2.763

  • Commentluv 2.764

  • Commentluv 2.765

  • Commentluv 2.766

  • Commentluv 2.767

  • Commentluv 2.768

  • Commentluv 2.769

  • Commentluv 2.7691

  • Commentluv 2.80

  • Commentluv 2.81

  • Commentluv 2.81.1

  • Commentluv 2.81.2

  • Commentluv 2.81.3

  • Commentluv 2.81.4

  • Commentluv 2.81.5

  • Commentluv 2.81.6

  • Commentluv 2.81.7

  • Commentluv 2.81.8

  • Commentluv 2.90.1

  • Commentluv 2.90.3

  • Commentluv 2.90.5

  • Commentluv 2.90.6

  • Commentluv 2.90.7

  • Commentluv 2.90.8

  • Commentluv 2.90.8.1

  • Commentluv 2.90.8.2

  • Commentluv 2.90.8.3

  • Commentluv 2.90.9

  • Commentluv 2.90.9.1

  • Commentluv 2.90.9.2

  • Commentluv 2.90.9.3

  • Commentluv 2.90.9.4

  • Commentluv 2.90.9.5

  • Commentluv 2.90.9.6

  • Commentluv 2.90.9.7

  • Commentluv 2.90.9.8

  • Commentluv 2.90.9.9

  • Commentluv 2.90.9.9.1

  • Commentluv 2.90.9.9.2

  • Commentluv 2.90.9.9.3

  • Commentluv 2.91

  • Commentluv 2.91.1

  • Commentluv 2.92

  • Commentluv 2.92.1

  • Commentluv 2.92.2

  • Commentluv 2.92.3


References

MISC - https://www.htbridge.com/advisory/HTB23138

MISC - http://wordpress.org/plugins/commentluv/changelog

MISC - http://packetstormsecurity.com/files/120090/WordPress-CommentLuv-2.92.3-Cross-Site-Scripting.html

OSVDB - 89925

BUGTRAQ - 20130206 Cross-Site Scripting (XSS) Vulnerability in CommentLuv WordPress Plugin


Last Updated: 27 May 2016 11:04:32