CVE-2011-3990

PukiWiki Plus! <1.4.7plus-u2-i18n - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Patch] http://jvndb.jvn.jp/jvndb/JVNDB-2011-000107

[Patch] http://pukiwiki.cafelounge.net/plus/?%E9%96%8B%E7%99%BA%E6%97%A5%E8%A8%98%2F2011-12-19

[Third Party Advisory] http://jvn.jp/en/jp/JVN76515037/index.html

Scores

EPSS 0.0036

EPSS Percentile 57.7%

Classification

CWE

CWE-79

Status published

Affected Products (2)

pukiwiki/pukiwiki_plus\! < 1.47

n/a/n/a

Timeline

Published Dec 22, 2011

Tracked Since Feb 18, 2026