Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-04-11T10:00:00

Updated: 2024-08-06T19:26:07.776Z

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2156

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-04-11T10:39:27.153

Modified: 2024-11-21T01:38:37.083

Link: CVE-2012-2156

cve-icon Redhat

No data.