CVE-2012-6622

Vasthtml Forumpress < 1.7.4 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Heine Pedersen · textwebappsphp

https://www.exploit-db.com/exploits/37195

View Code ZIP pw:eip

References (5)

Core 5

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49155

Patch, Vendor Advisory x_refsource_confirm

http://wordpress.org/extend/plugins/forum-server/changelog/

Product x_refsource_confirm

https://plugins.trac.wordpress.org/changeset/532918

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53530

Exploit x_refsource_misc

http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html

Scores

EPSS 0.0409

EPSS Percentile 88.7%

Details

CWE

CWE-79

Status published

Products (22)

vasthtml/forumpress 1.0

vasthtml/forumpress 1.1

vasthtml/forumpress 1.2

vasthtml/forumpress 1.3

vasthtml/forumpress 1.4

vasthtml/forumpress 1.5

vasthtml/forumpress 1.5.1

vasthtml/forumpress 1.5.2

vasthtml/forumpress 1.6

vasthtml/forumpress 1.6.2

... and 12 more

Published Jan 16, 2014

Tracked Since Feb 18, 2026