CVE

Id
53094  
CVE No.
CVE-2011-5182  
Status
Candidate  
Description
** DISPUTED ** Cross-site scripting (XSS) vulnerability in lanoba-social-plugin/index.php in the Lanoba Social plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor disputes this issue, stating "Lanoba"s plug in does sanitize user input, and because that input is never sent to the browser, an attacker has no way of executing script or code on a user"s behalf."  
Phase
Assigned (20120919)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
561982 53094 CVE-2011-5182 BUGTRAQ:20111119 wordpress Lanoba Social Plugin Xss Vulnerabilities  View
561983 53094 CVE-2011-5182 URL:http://www.securityfocus.com/archive/1/archive/1/520574/100/0/threaded  View
561984 53094 CVE-2011-5182 BUGTRAQ:20111129 Re: Re: wordpress Lanoba Social Plugin Xss Vulnerabilities  View
561985 53094 CVE-2011-5182 URL:http://www.securityfocus.com/archive/1/archive/1/520678/100/0/threaded  View
561986 53094 CVE-2011-5182 MISC:https://wordpress.org/support/topic/plugin-lanoba-social-plugin-xss-vulnerabilities  View
561987 53094 CVE-2011-5182 BID:50746  View
561988 53094 CVE-2011-5182 URL:http://www.securityfocus.com/bid/50746  View
561989 53094 CVE-2011-5182 XF:lanobasocial-index-xss(71411)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
34927 JVNDB-2011-005169 Drupal 用 Support Ticketing System モジュールにおけるクロスサイトスクリプティングの脆弱性 Drupal 用 Support Ticketing System モジュールには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2011-5187 53094 2.1 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005169.html  View