CVE-2013-2501

2013-03-2221:55:01

CWE-79

mitre

web.nvd.nist.gov

cve-2013-2501

cross-site scripting

xss

terillion reviews plugin

wordpress

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.083

Percentile

94.4%

JSON

Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.

Affected configurations

Nvd

Node

terillionterillion_reviews_pluginRange≤1.1

AND

wordpresswordpressMatch-

VendorProductVersionCPE
terillionterillion_reviews_plugin*cpe:2.3:a:terillion:terillion_reviews_plugin:*:*:*:*:*:*:*:*
wordpresswordpress-cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
terillion	terillion_reviews_plugin	*	cpe:2.3:a:terillion:terillion_reviews_plugin::::::::
wordpress	wordpress	-	cpe:2.3:a:wordpress:wordpress:-:::::::*