CVE-2013-0237

CVE-2013-0237

EPSS 3.1%

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://codex.wordpress.org/Version_3.5.1 https://bugzilla.redhat.com/show_bug.cgi?id=904122 https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5 http://wordpress.org/news/2013/01/wordpress-3-5-1/