CVE-2013-0734

Currently unrated

Key Information:

Vendor: Wordpress
Status: Mingle-forum
Vendor: CVE Published:; 28 March 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.

References

http://secunia.com/secunia_research/2013-3

x_refsource_MISC

http://secunia.com/advisories/52167

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/90433

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Mar 28, 2014
Vulnerability Reserved
Jan 2, 2013