CVE-2013-0237
Moxiecode plupload < 1.5.5 - Cross-Site Scripting via id Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=904122
Product x_refsource_confirm
http://codex.wordpress.org/Version_3.5.1
Exploit, Patch x_refsource_confirm
https://github.com/moxiecode/plupload/commit/2d746ee9083c184f1234d8fed311e89bdd1b39e5
Vendor Advisory x_refsource_confirm
http://wordpress.org/news/2013/01/wordpress-3-5-1/
Scores
EPSS
0.0043
EPSS Percentile
62.7%
Details
CWE
CWE-79
Status
published
Products (48)
fedoraproject/fedora
16
fedoraproject/fedora
17
fedoraproject/fedora
18
moxiecode/plupload
1.4.0
moxiecode/plupload
1.4.1
moxiecode/plupload
1.4.2
moxiecode/plupload
1.4.3
moxiecode/plupload
1.5.0 (2 CPE variants)
moxiecode/plupload
1.5.1
moxiecode/plupload
1.5.2
... and 38 more
Published
Jul 08, 2013
Tracked Since
Feb 18, 2026