CVE-2012-6622

Currently unrated

Key Information:

Vendor: Wordpress
Status: Forumpress
Vendor: CVE Published:; 16 January 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

References

http://secunia.com/advisories/49155

third-party-advisoryx_refsource_SECUNIA

http://wordpress.org/extend/plugins/forum-server/changelog/

x_refsource_CONFIRM

https://plugins.trac.wordpress.org/changeset/532918

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 16, 2014
Vulnerability Reserved
Jan 16, 2014