CVE-2012-2920

Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:user_photo:user_photo:*:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.7.4b:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.8:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.9:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:user_photo:user_photo:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:39

Type Values Removed Values Added
References () http://osvdb.org/81806 - () http://osvdb.org/81806 -
References () http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880 - () http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880 -
References () http://secunia.com/advisories/49100 - Vendor Advisory () http://secunia.com/advisories/49100 - Vendor Advisory
References () http://wordpress.org/extend/plugins/user-photo/changelog/ - () http://wordpress.org/extend/plugins/user-photo/changelog/ -
References () http://www.securityfocus.com/bid/53449 - () http://www.securityfocus.com/bid/53449 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/75496 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/75496 -

Information

Published : 2012-05-21 22:55

Updated : 2024-11-21 01:39


NVD link : CVE-2012-2920

Mitre link : CVE-2012-2920

CVE.ORG link : CVE-2012-2920


JSON object : View

Products Affected

user_photo

  • user_photo

wordpress

  • wordpress
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')