CVE-2012-3434

{"id": "CVE-2012-3434", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-08-15T21:55:03.713", "references": [{"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/49692", "tags": ["Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2", "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/83491", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.tomsdimension.de/wp-plugins/count-per-day", "source": "secalert@redhat.com"}, {"url": "http://plugins.trac.wordpress.org/changeset/571926/count-per-day", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/49692", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/07/24/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2012/07/27/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/83491", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.tomsdimension.de/wp-plugins/count-per-day", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en userperspan.php en el m\u00f3dulo (Count Per Day) anterior a v3.2 para Wordpress permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s de (1) una p\u00e1gina, (2) el par\u00e1metro (datemin) o (3) el par\u00e1metro (datemax)."}], "lastModified": "2024-11-21T01:40:52.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tom_braider:count_per_day:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD13C64-FEE8-42D2-AC90-E09661736185", "versionEndIncluding": "3.1"}, {"criteria": "cpe:2.3:a:tom_braider:count_per_day:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE88945-2338-4CF0-84E1-CA70A20EBFE1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}