Cross-Site Scripting Vulnerability in CMS Tree Page View Plugin for WordPress
CVE-2012-1834

Currently unrated

Key Information:

Vendor: Wordpress
Status: Cms Tree Page View
Vendor: CVE Published:; 7 April 2014

Summary

The CMS Tree Page View plugin for WordPress suffers from a Cross-Site Scripting (XSS) vulnerability due to insufficient validation of user input in the cms_tpv_admin_head function. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML via the 'cms_tpv_view' parameter when accessing wp-admin/options-general.php. If exploited, this could lead to the execution of malicious scripts in the browser of any user accessing the affected administrative features, potentially compromising sensitive information or allowing unauthorized actions.

References

http://secunia.com/advisories/48510

third-party-advisoryx_refsource_SECUNIA

http://www.osvdb.org/80573

vdb-entryx_refsource_OSVDB

http://wordpress.org/extend/plugins/cms-tree-page-view/ch...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 7, 2014
Vulnerability Reserved
Mar 21, 2012