QwikSec

Security Database

CVE

CWE

Training

CVE-2011-5104

Published: Aug 23, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce

x_refsource_MISC

wpecommerce-index-xss(71443)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

http://wordpress.org/extend/plugins/wp-e-commerce/changelog/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.