Cross-site Scripting Vulnerability in LeagueManager Plugin for WordPress
CVE-2012-2912

Currently unrated

Key Information:

Vendor: Wordpress
Status: Leaguemanager
Vendor: CVE Published:; 21 May 2012

What is CVE-2012-2912?

The LeagueManager plugin version 3.7 for WordPress contains multiple cross-site scripting vulnerabilities that enable remote attackers to exploit the (1) group parameter in the show-league page and the (2) season parameter in the team page, allowing them to inject arbitrary web scripts or HTML. This type of vulnerability could lead to unauthorized actions being executed on behalf of users, potentially compromising site integrity and user data.

References

http://packetstormsecurity.org/files/112698/WordPress-Lea...

x_refsource_MISC

http://www.securityfocus.com/bid/53525

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/75629

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2012
Vulnerability Reserved
May 21, 2012

Wordpress

What is CVE-2012-2912?

References

Timeline