Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

easyXDM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5212)

Description

Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file.

Remediation

References

Related Vulnerabilities

WordPress Plugin Default Facebook Thumbnails Multiple Vulnerabilities (0.4)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.9.7)

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.19)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.91)

Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-1042)

Severity

Medium

Classification

CVE-2013-5212 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities