Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parameter in a search action to wpf.class.php or (2) togroupusers parameter in an add_user_togroup action to fs-admin/fs-admin.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cartpauj | Mingle-Forum | <= 1.0.33 |
| Wordpress | Wordpress | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/90432
- http://osvdb.org/90433
- http://secunia.com/advisories/52167 (Vendor Advisory)
- http://secunia.com/secunia_research/2013-3 (Vendor Advisory)
- http://www.securityfocus.com/bid/58059
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82187
FAQ
What is CVE-2013-0734?
CVE-2013-0734 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words parame...
How severe is CVE-2013-0734?
CVE-2013-0734 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-0734?
Check the references section above for vendor advisories and patch information. Affected products include: Cartpauj Mingle-Forum, Wordpress Wordpress.