Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-6622

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

Published

2014-01-16T21:55:08.533

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vasthtml	forumpress	≤ 1.7.4	Yes
Application	vasthtml	forumpress	1.0	Yes
Application	vasthtml	forumpress	1.1	Yes
Application	vasthtml	forumpress	1.2	Yes
Application	vasthtml	forumpress	1.3	Yes
Application	vasthtml	forumpress	1.4	Yes
Application	vasthtml	forumpress	1.5	Yes
Application	vasthtml	forumpress	1.5.1	Yes
Application	vasthtml	forumpress	1.5.2	Yes
Application	vasthtml	forumpress	1.6	Yes
Application	vasthtml	forumpress	1.6.2	Yes
Application	vasthtml	forumpress	1.6.3	Yes
Application	vasthtml	forumpress	1.6.4	Yes
Application	vasthtml	forumpress	1.6.5	Yes
Application	vasthtml	forumpress	1.6.6	Yes
Application	vasthtml	forumpress	1.6.7	Yes
Application	vasthtml	forumpress	1.6.8	Yes
Application	vasthtml	forumpress	1.6.9	Yes
Application	vasthtml	forumpress	1.7	Yes
Application	vasthtml	forumpress	1.7.1	Yes
Application	vasthtml	forumpress	1.7.2	Yes
Application	vasthtml	forumpress	1.7.3	Yes

References

http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html Exploit ([email protected])
http://secunia.com/advisories/49155 Vendor Advisory ([email protected])
http://wordpress.org/extend/plugins/forum-server/changelog/ Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/53530 ([email protected])
https://plugins.trac.wordpress.org/changeset/532918 ([email protected])
http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/49155 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://wordpress.org/extend/plugins/forum-server/changelog/ Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/53530 (af854a3a-2127-422b-91ae-364da2661108)
https://plugins.trac.wordpress.org/changeset/532918 (af854a3a-2127-422b-91ae-364da2661108)