製品・ソフトウェアに関する情報

JVN脆弱性詳細

WordPress 用 ThreeWP Email Reflector プラグインにおけるクロスサイトスクリプティングの脆弱性

Title	WordPress 用 ThreeWP Email Reflector プラグインにおけるクロスサイトスクリプティングの脆弱性
Summary	WordPress 用 ThreeWP Email Reflector プラグインには、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、電子メールの件名を介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 8, 2012, midnight
Registration Date	June 23, 2014, 11:12 a.m.
Last Update	June 23, 2014, 11:12 a.m.

Affected System

edward mindreantre

ThreeWP Email Reflector 1.16 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-2572	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2572
National Vulnerability Database (NVD)
2	CVE-2012-2572	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2572

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
WordPress Plugin Directory
1	Changelog	http://wordpress.org/plugins/threewp-email-reflector/changelog/
2	ThreeWP Email Reflector	http://wordpress.org/plugins/threewp-email-reflector/installation/

その他

No	Name	URL
関連文書
1	85134 : ThreeWP Email Reflector Plugin for WordPress Subject Field XSS	http://osvdb.org/show/osvdb/85134

Change Log

No	Changed Details	Date of change
0	[2014年06月23日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-2572

Summary	Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
Publication Date	June 19, 2014, 11:55 p.m.
Registration Date	Jan. 28, 2021, 2:58 p.m.
Last Update	Nov. 21, 2024, 10:39 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mindreantre:threewp_email_reflector:1.1:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.12:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.6:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.2:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector::::::wordpress::*		1.15
cpe:2.3:a:mindreantre:threewp_email_reflector:1.8:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.9:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.7:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.3:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.5:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.0:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.13:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.14:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.4:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.11:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.10:::::wordpress::

Related information, measures and tools

No	URL	タグ
1	http://osvdb.org/show/osvdb/85134
2	http://osvdb.org/show/osvdb/85134
3	http://wordpress.org/plugins/threewp-email-reflector/changelog	Patch
4	http://wordpress.org/plugins/threewp-email-reflector/changelog	Patch
5	http://www.exploit-db.com/exploits/20365	Exploit
6	http://www.exploit-db.com/exploits/20365	Exploit
7	http://www.securityfocus.com/bid/54903	Exploit
8	http://www.securityfocus.com/bid/54903	Exploit
9	https://exchange.xforce.ibmcloud.com/vulnerabilities/77502
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/77502

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mindreantre:threewp_email_reflector:1.1:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.12:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.6:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.2:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector::::::wordpress::*		1.15
cpe:2.3:a:mindreantre:threewp_email_reflector:1.8:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.9:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.7:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.3:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.5:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.0:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.13:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.14:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.4:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.11:::::wordpress::
cpe:2.3:a:mindreantre:threewp_email_reflector:1.10:::::wordpress::