Cross-Site Scripting Vulnerability in WP e-Commerce Plugin by WordPress
CVE-2011-5104

Currently unrated

Key Information:

Vendor

Wordpress
Status
WP E-commerce
Vendor
CVE Published:
23 August 2012

What is CVE-2011-5104?

The WP e-Commerce plugin for WordPress has a Cross-Site Scripting (XSS) vulnerability that affects the wpsc-admin/display-sales-logs.php file. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML via the custom_text parameter. Versions prior to 3.8.7.1 may also be impacted. Attackers exploiting this vulnerability can manipulate user experiences or steal sensitive information by executing malicious scripts in the context of another user’s browser.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/46957
third-party-advisoryx_refsource_SECUNIA
http://plugins.trac.wordpress.org/changeset?reponame=&new...
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/71443
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.