CVE-2012-2912

LeagueManager 3.7 - WordPress XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php.

References (3)

[Exploit] http://packetstormsecurity.org/files/112698/WordPress-LeagueManager-3.7-Cross-Site-Scripting.html

[Exploit] http://www.securityfocus.com/bid/53525

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/75629

Scores

EPSS 0.0015

EPSS Percentile 35.8%

Classification

CWE

CWE-79

Status published

Affected Products (2)

kolja_schleich/leaguemanager

n/a/n/a

Timeline

Published May 21, 2012

Tracked Since Feb 18, 2026