CVE-2012-6312

Video-lead-form Uk-cookie - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aditya Balapure · textwebappsphp

https://www.exploit-db.com/exploits/38066

View Code ZIP pw:eip

References (2)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-12/0060.html

[Vendor Advisory] http://wordpress.org/extend/plugins/video-lead-form/changelog/

Scores

EPSS 0.0114

EPSS Percentile 78.3%

Details

CWE

CWE-79

Status published

Products (2)

video-lead-form/uk-cookie

n/a/n/a

Published Dec 11, 2012

Tracked Since Feb 18, 2026