Lucene search

[email protected]NVD:CVE-2012-2580

HistoryJun 20, 2014 - 2:55 p.m.

CVE-2012-2580

2014-06-2014:55:05

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.

Affected configurations

NVD

Node

postiepluginpostieRange≤1.5.14wordpress

postiepluginpostieMatch1.4.3wordpress

References

osvdb.org/84532

secunia.com/advisories/50207

www.exploit-db.com/exploits/20360

www.securityfocus.com/bid/54909

exchange.xforce.ibmcloud.com/vulnerabilities/77537

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for NVD:CVE-2012-2580

cve1 wpvulndb1 prion1 patchstack1 cvelist1