CVE-2010-4402

Опубликовано: 06 дек. 2010

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:devbits:register-plus:*:*:*:*:*:*:*:*

Версия до 3.5.1 (включая)

cpe:2.3:a:devbits:register-plus:1.1:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:1.2:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.0:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.1:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.2:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.3:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.4:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.5:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.6:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.7:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.8:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:2.9:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.0:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.1:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.2:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.3:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.4:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:devbits:register-plus:3.5:*:*:*:*:*:*:*

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00373

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2010-4402

ubuntu

больше 14 лет назад

GHSA-vh5q-pcjq-4383

github

около 3 лет назад