Back to search
CVE-2012-1834
Published: Apr 7, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
48510
third-party-advisory
x_refsource_SECUNIA
80573
vdb-entry
x_refsource_OSVDB
http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/
x_refsource_CONFIRM
https://www.htbridge.com/advisory/HTB23083
x_refsource_MISC
wordpress-cmstree-edit-xss(74337)
vdb-entry
x_refsource_XF
52708
vdb-entry
x_refsource_BID
http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now