Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstall_options.php, (2) inc-options/theme_options.php, or (3) inc-options/im_export_options.php, or the (4) post or (5) post_ID parameters to adminimize.php, different vectors than CVE-2011-4926.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-08-28 21:39
Updated : 2012-08-28 21:39
NVD link : CVE-2011-5128
Mitre link : CVE-2011-5128
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
bueltge
- adminimize
wordpress
- wordpress