XSS vulnerability in CMS Tree Page View Wordpress Plugin
Advisory ID: | HTB23083 |
Product: | CMS Tree Page View Wordpress Plugin |
Vendor: | Par Thernstrom |
Vulnerable Versions: | 0.8.8 and probably prior |
Tested Version: | 0.8.8 |
Advisory Publication: | March 21, 2012 [without technical details] |
Vendor Notification: | March 21, 2012 |
Vendor Fix: | March 26, 2012 |
Public Disclosure: | April 11, 2012 |
Latest Update: | March 26, 2012 |
Vulnerability Type: | Cross-Site Scripting [CWE-79] |
CVE Reference: | CVE-2012-1834 |
Risk Level: | Medium |
![]() | |
CVSSv2 Base Score: | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) |
Solution Status: | Fixed by Vendor |
Discovered and Provided: | High-Tech Bridge Security Research Lab |
Advisory Details: | |
High-Tech Bridge SA Security Research Lab has discovered vulnerability in CMS Tree Page View Wordpress Plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks. | |
Solution: | |
Upgrade to 0.8.9 More Information: http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/ http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view#file52 | |
References: | |
[1] High-Tech Bridge Advisory HTB23083 - https://www.htbridge.com/advisory/HTB23083 - XSS vulnerability in CMS Tree Page View Wordpress Plugin. [2] CMS Tree Page View Wordpress Plugin - http://eskapism.se - Plugin for WordPress that adds a CMS-like tree overview of all your pages. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. | |
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.