Cross-Site Scripting Vulnerability in WP e-Commerce Plugin by WordPress
CVE-2011-5104

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP E-commerce
Vendor: CVE Published:; 23 August 2012

What is CVE-2011-5104?

The WP e-Commerce plugin for WordPress has a Cross-Site Scripting (XSS) vulnerability that affects the wpsc-admin/display-sales-logs.php file. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML via the custom_text parameter. Versions prior to 3.8.7.1 may also be impacted. Attackers exploiting this vulnerability can manipulate user experiences or steal sensitive information by executing malicious scripts in the context of another user’s browser.

References

http://secunia.com/advisories/46957

third-party-advisoryx_refsource_SECUNIA

http://plugins.trac.wordpress.org/changeset?reponame=&new...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/71443

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2012
Vulnerability Reserved
Aug 23, 2012

Wordpress

What is CVE-2011-5104?

References

Timeline