CVE-2012-4271
Published Aug 13, 2012
Last updated 7 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9564311A-3398-4FD8-AC8F-FDD98C9054C5",
"versionEndIncluding": "2.0.46"
},
{
"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8001826A-EA3D-4593-8808-CC4F0F7C4940"
},
{
"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE98A597-437F-46E0-A707-E7B986D71284"
},
{
"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED220E2B-FA47-417C-9D4A-AE5412E613AC"
},
{
"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C770A4D4-9EAA-4424-A8D5-014B8CC6AD5C"
},
{
"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0241471A-DC55-470A-87B2-7594FF00AF8B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]