Vulnerability-Lookup

CVE-2012-6622 (GCVE-0-2012-6622)

Vulnerability from cvelistv5 – Published: 2014-01-16 21:00 – Updated: 2024-08-06 21:36

Summary

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/49155	third-party-advisoryx_refsource_SECUNIA
	http://wordpress.org/extend/plugins/forum-server/…	x_refsource_CONFIRM
	https://plugins.trac.wordpress.org/changeset/532918	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/53530	vdb-entryx_refsource_BID
	http://packetstormsecurity.org/files/112703/WordP…	x_refsource_MISC

Date Public ?

2012-05-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:01.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "49155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49155"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wordpress.org/extend/plugins/forum-server/changelog/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/532918"
          },
          {
            "name": "53530",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53530"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "49155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49155"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wordpress.org/extend/plugins/forum-server/changelog/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/532918"
        },
        {
          "name": "53530",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53530"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6622",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "49155",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49155"
            },
            {
              "name": "http://wordpress.org/extend/plugins/forum-server/changelog/",
              "refsource": "CONFIRM",
              "url": "http://wordpress.org/extend/plugins/forum-server/changelog/"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/532918",
              "refsource": "CONFIRM",
              "url": "https://plugins.trac.wordpress.org/changeset/532918"
            },
            {
              "name": "53530",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53530"
            },
            {
              "name": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-6622",
    "datePublished": "2014-01-16T21:00:00.000Z",
    "dateReserved": "2014-01-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:36:01.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-6622",
      "date": "2026-04-24",
      "epss": "0.04086",
      "percentile": "0.88598"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:*:-:-:*:-:wordpress:*:*\", \"versionEndIncluding\": \"1.7.4\", \"matchCriteriaId\": \"7DE1FCA6-0FFB-4E21-89EB-67DEB207A160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.0:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"ED0011BC-EC52-4A41-A100-163B27446558\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.1:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"091F53B6-D32E-4DEE-8D02-F775868648E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.2:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"CD493B30-DCB9-4FAC-9441-CACD70F59353\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.3:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"B697EF72-29AD-4059-BF71-F49EA23CB8ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.4:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"25E04C3F-C0E8-4BAF-9DAE-1D3119CB58F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.5:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"B3C27AA1-5DAC-4496-A05A-D5E18A623D02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.5.1:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"B9A27934-D2F3-45FD-B9F1-AB2EF356EEDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.5.2:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"FD94030B-FD8B-412F-8896-E2C8AF4F2122\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"41000CAF-A103-4BC8-94ED-22741F161F12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.2:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"31697454-8FE4-4555-BABE-F1C4A0C01EA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.3:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"5C75483E-FD07-412C-9722-8135658A9AAC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.4:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"9EE9DEF1-430E-4CD4-9DF4-CAFE97D425E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.5:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"7F06D316-C303-4673-BA8C-16DC19ED7BB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.6:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"1865B793-170B-49D7-A788-0758391C2C4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.7:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"2970E25D-32AB-4DED-B573-AE296E3ABFC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.8:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"3AA6E04D-50FB-45D0-BD28-154307BE3444\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.6.9:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"3EE637AB-E282-494A-AC56-0893FF296A71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.7:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"475293DD-1D29-460A-8891-20C6DAC69F5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.7.1:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"93292F02-BCC9-4C19-961E-03A3056DC6AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.7.2:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"4196969E-0797-4DD4-B790-877ABD3BA708\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vasthtml:forumpress:1.7.3:-:-:*:-:wordpress:*:*\", \"matchCriteriaId\": \"8D6E6667-8609-407D-A40A-7C5423B60243\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades cross-site scripting (XSS) en fs-admin/fs-admin.php en el plugin ForumPress WP Forum Server anteriores a 1.7.4 para WordPress permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\\u00e9s de (1) el par\\u00e1metro groupip en una acci\\u00f3n de editgroup o (2) el par\\u00e1metro usergroup_id en una acci\\u00f3n edit_usergroup.\"}]",
      "id": "CVE-2012-6622",
      "lastModified": "2024-11-21T01:46:31.670",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-01-16T21:55:08.533",
      "references": "[{\"url\": \"http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/49155\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wordpress.org/extend/plugins/forum-server/changelog/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/53530\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/532918\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/49155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wordpress.org/extend/plugins/forum-server/changelog/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/53530\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/532918\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-6622\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-01-16T21:55:08.533\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades cross-site scripting (XSS) en fs-admin/fs-admin.php en el plugin ForumPress WP Forum Server anteriores a 1.7.4 para WordPress permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s de (1) el par\u00e1metro groupip en una acci\u00f3n de editgroup o (2) el par\u00e1metro usergroup_id en una acci\u00f3n edit_usergroup.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:*:-:-:*:-:wordpress:*:*\",\"versionEndIncluding\":\"1.7.4\",\"matchCriteriaId\":\"7DE1FCA6-0FFB-4E21-89EB-67DEB207A160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.0:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"ED0011BC-EC52-4A41-A100-163B27446558\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.1:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"091F53B6-D32E-4DEE-8D02-F775868648E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.2:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"CD493B30-DCB9-4FAC-9441-CACD70F59353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.3:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"B697EF72-29AD-4059-BF71-F49EA23CB8ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.4:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"25E04C3F-C0E8-4BAF-9DAE-1D3119CB58F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.5:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"B3C27AA1-5DAC-4496-A05A-D5E18A623D02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.5.1:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"B9A27934-D2F3-45FD-B9F1-AB2EF356EEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.5.2:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"FD94030B-FD8B-412F-8896-E2C8AF4F2122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"41000CAF-A103-4BC8-94ED-22741F161F12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.2:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"31697454-8FE4-4555-BABE-F1C4A0C01EA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.3:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"5C75483E-FD07-412C-9722-8135658A9AAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.4:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"9EE9DEF1-430E-4CD4-9DF4-CAFE97D425E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.5:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"7F06D316-C303-4673-BA8C-16DC19ED7BB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.6:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"1865B793-170B-49D7-A788-0758391C2C4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.7:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"2970E25D-32AB-4DED-B573-AE296E3ABFC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.8:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"3AA6E04D-50FB-45D0-BD28-154307BE3444\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.6.9:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"3EE637AB-E282-494A-AC56-0893FF296A71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.7:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"475293DD-1D29-460A-8891-20C6DAC69F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.7.1:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"93292F02-BCC9-4C19-961E-03A3056DC6AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.7.2:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"4196969E-0797-4DD4-B790-877ABD3BA708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vasthtml:forumpress:1.7.3:-:-:*:-:wordpress:*:*\",\"matchCriteriaId\":\"8D6E6667-8609-407D-A40A-7C5423B60243\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/49155\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wordpress.org/extend/plugins/forum-server/changelog/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/53530\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://plugins.trac.wordpress.org/changeset/532918\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/49155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wordpress.org/extend/plugins/forum-server/changelog/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/53530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://plugins.trac.wordpress.org/changeset/532918\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2012-6622

Vulnerability from fkie_nvd - Published: 2014-01-16 21:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html	Exploit
cve@mitre.org	http://secunia.com/advisories/49155	Vendor Advisory
cve@mitre.org	http://wordpress.org/extend/plugins/forum-server/changelog/	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/53530
cve@mitre.org	https://plugins.trac.wordpress.org/changeset/532918
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49155	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wordpress.org/extend/plugins/forum-server/changelog/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53530
af854a3a-2127-422b-91ae-364da2661108	https://plugins.trac.wordpress.org/changeset/532918

Impacted products

Vendor	Product	Version
vasthtml	forumpress	*
vasthtml	forumpress	1.0
vasthtml	forumpress	1.1
vasthtml	forumpress	1.2
vasthtml	forumpress	1.3
vasthtml	forumpress	1.4
vasthtml	forumpress	1.5
vasthtml	forumpress	1.5.1
vasthtml	forumpress	1.5.2
vasthtml	forumpress	1.6
vasthtml	forumpress	1.6.2
vasthtml	forumpress	1.6.3
vasthtml	forumpress	1.6.4
vasthtml	forumpress	1.6.5
vasthtml	forumpress	1.6.6
vasthtml	forumpress	1.6.7
vasthtml	forumpress	1.6.8
vasthtml	forumpress	1.6.9
vasthtml	forumpress	1.7
vasthtml	forumpress	1.7.1
vasthtml	forumpress	1.7.2
vasthtml	forumpress	1.7.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:*:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "7DE1FCA6-0FFB-4E21-89EB-67DEB207A160",
              "versionEndIncluding": "1.7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.0:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "ED0011BC-EC52-4A41-A100-163B27446558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.1:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "091F53B6-D32E-4DEE-8D02-F775868648E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.2:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "CD493B30-DCB9-4FAC-9441-CACD70F59353",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.3:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "B697EF72-29AD-4059-BF71-F49EA23CB8ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.4:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "25E04C3F-C0E8-4BAF-9DAE-1D3119CB58F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.5:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "B3C27AA1-5DAC-4496-A05A-D5E18A623D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.5.1:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "B9A27934-D2F3-45FD-B9F1-AB2EF356EEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.5.2:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "FD94030B-FD8B-412F-8896-E2C8AF4F2122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "41000CAF-A103-4BC8-94ED-22741F161F12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.2:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "31697454-8FE4-4555-BABE-F1C4A0C01EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.3:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "5C75483E-FD07-412C-9722-8135658A9AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.4:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "9EE9DEF1-430E-4CD4-9DF4-CAFE97D425E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.5:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "7F06D316-C303-4673-BA8C-16DC19ED7BB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.6:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "1865B793-170B-49D7-A788-0758391C2C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.7:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "2970E25D-32AB-4DED-B573-AE296E3ABFC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.8:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "3AA6E04D-50FB-45D0-BD28-154307BE3444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.6.9:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "3EE637AB-E282-494A-AC56-0893FF296A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.7:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "475293DD-1D29-460A-8891-20C6DAC69F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.7.1:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "93292F02-BCC9-4C19-961E-03A3056DC6AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.7.2:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "4196969E-0797-4DD4-B790-877ABD3BA708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vasthtml:forumpress:1.7.3:-:-:*:-:wordpress:*:*",
              "matchCriteriaId": "8D6E6667-8609-407D-A40A-7C5423B60243",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades cross-site scripting (XSS) en fs-admin/fs-admin.php en el plugin ForumPress WP Forum Server anteriores a 1.7.4 para WordPress permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s de (1) el par\u00e1metro groupip en una acci\u00f3n de editgroup o (2) el par\u00e1metro usergroup_id en una acci\u00f3n edit_usergroup."
    }
  ],
  "id": "CVE-2012-6622",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-16T21:55:08.533",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49155"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://wordpress.org/extend/plugins/forum-server/changelog/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53530"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://plugins.trac.wordpress.org/changeset/532918"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://wordpress.org/extend/plugins/forum-server/changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/changeset/532918"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-6622

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-6622

Aliases

CVE-2012-6622

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-6622",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.",
    "id": "GSD-2012-6622"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-6622"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.",
      "id": "GSD-2012-6622",
      "modified": "2023-12-13T01:20:16.896706Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-6622",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "49155",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49155"
          },
          {
            "name": "http://wordpress.org/extend/plugins/forum-server/changelog/",
            "refsource": "CONFIRM",
            "url": "http://wordpress.org/extend/plugins/forum-server/changelog/"
          },
          {
            "name": "https://plugins.trac.wordpress.org/changeset/532918",
            "refsource": "CONFIRM",
            "url": "https://plugins.trac.wordpress.org/changeset/532918"
          },
          {
            "name": "53530",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/53530"
          },
          {
            "name": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.0:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.1:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.2:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.3:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.7:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.7.1:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.4:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.5:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.6:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.7:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:*:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.7.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.2:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.3:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.4:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.5:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.7.2:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.7.3:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.5.1:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.5.2:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.8:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vasthtml:forumpress:1.6.9:-:-:*:-:wordpress:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6622"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://plugins.trac.wordpress.org/changeset/532918",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://plugins.trac.wordpress.org/changeset/532918"
            },
            {
              "name": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
            },
            {
              "name": "http://wordpress.org/extend/plugins/forum-server/changelog/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://wordpress.org/extend/plugins/forum-server/changelog/"
            },
            {
              "name": "49155",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/49155"
            },
            {
              "name": "53530",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/53530"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2016-12-08T03:02Z",
      "publishedDate": "2014-01-16T21:55Z"
    }
  }
}

GHSA-F9PM-944H-HX2W

Vulnerability from github – Published: 2022-05-17 03:23 – Updated: 2025-04-11 04:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-6622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-16T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.",
  "id": "GHSA-f9pm-944h-hx2w",
  "modified": "2025-04-11T04:18:11Z",
  "published": "2022-05-17T03:23:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6622"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/532918"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/49155"
    },
    {
      "type": "WEB",
      "url": "http://wordpress.org/extend/plugins/forum-server/changelog"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53530"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-6622 (GCVE-0-2012-6622)

FKIE_CVE-2012-6622

GSD-2012-6622

GHSA-F9PM-944H-HX2W

Tags

Sightings

Nomenclature