WordPress Mingle Forum Plugin 'search' Parameter XSS Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Mingle Forum plugin and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to WordPress Mingle Forum Plugin version 1.0.34. For updates refer to http://wordpress.org/extend/plugins/mingle-forum/

Insight

The flaw is due to an input passed via the 'search' parameter is not properly sanitized before being returned to the user.

Affected

WordPress Mingle Forum Plugin version 1.0.33

References

http://tunisianseven.blogspot.in/2012/03/mingle-forum-wordpress-plugin-xss.html

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities