Vulnerability Name: CVE-2012-4268 (CCN-75522)
Assigned: 2012-05-11
Published: 2012-05-11
Updated: 2017-08-29
Summary: Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2012-4268
Source: CCN Type: Packetstorm Security Website WordPress BulletProof Security Cross Site Scripting
Source: MISC Type: Exploit http://packetstormsecurity.org/files/112618/WordPress-BulletProof-Security-Cross-Site-Scripting.html
Source: CONFIRM Type: Exploit, Patch http://plugins.trac.wordpress.org/changeset?old_path=%2Fbulletproof-security&old=543044&new_path=%2Fbulletproof-security&new=543044
Source: CCN Type: WordPress Web Site WordPress Blog Tool, Publishing Platform, and CMS
Source: CONFIRM Type: UNKNOWN http://wordpress.org/extend/plugins/bulletproof-security/changelog/
Source: CCN Type: OSVDB ID: 84736 BulletProof Security Plugin for WordPress bulletproof-security/admin/options.php HTTP_ACCEPT_ENCODING Header XSS
Source: BID Type: UNKNOWN 53478
Source: CCN Type: BID-53478 WordPress BulletProof Security 'Accept-Encoding' Header Cross Site Scripting Vulnerability
Source: XF Type: UNKNOWN bulletproofsecurity-admin-xss(75522)
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable