Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-04-11T10:00:00
Updated: 2024-08-06T19:26:07.776Z
Reserved: 2012-04-04T00:00:00
Link: CVE-2012-2156
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-04-11T10:39:27.153
Modified: 2024-11-21T01:38:37.083
Link: CVE-2012-2156
Redhat
No data.