CVE-2012-4271 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mark Jaquith	Bad Behavior
Wordpress	Wordpress

Configuration 1 [-]

AND

OR	cpe:2.3:a:mark_jaquith:bad_behavior::::::::
	cpe:2.3:a:mark_jaquith:bad_behavior:2.2.0:::::::*
	cpe:2.3:a:mark_jaquith:bad_behavior:2.2.1:::::::*
	cpe:2.3:a:mark_jaquith:bad_behavior:2.2.2:::::::*
	cpe:2.3:a:mark_jaquith:bad_behavior:2.2.3:::::::*
	cpe:2.3:a:mark_jaquith:bad_behavior:2.2.4:::::::*

cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html
http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807
http://www.securityfocus.com/bid/53477
https://exchange.xforce.ibmcloud.com/vulnerabilities/75521

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-08-13T22:00:00

Updated: 2024-08-06T20:28:07.808Z

Reserved: 2012-08-13T00:00:00

Link: CVE-2012-4271

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-08-13T22:55:01.490

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-4271

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html"}, {"name": "53477", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53477"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807"}, {"name": "badbehavior-optionsgeneral-xss(75521)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75521"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4271", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html"}, {"name": "53477", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53477"}, {"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807"}, {"name": "badbehavior-optionsgeneral-xss(75521)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75521"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:28:07.808Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html"}, {"name": "53477", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53477"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807"}, {"name": "badbehavior-optionsgeneral-xss(75521)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75521"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4271", "datePublished": "2012-08-13T22:00:00", "dateReserved": "2012-08-13T00:00:00", "dateUpdated": "2024-08-06T20:28:07.808Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:*:*:*:*:*:*:*:*", "matchCriteriaId": "9564311A-3398-4FD8-AC8F-FDD98C9054C5", "versionEndIncluding": "2.0.46", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8001826A-EA3D-4593-8808-CC4F0F7C4940", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BE98A597-437F-46E0-A707-E7B986D71284", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "ED220E2B-FA47-417C-9D4A-AE5412E613AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C770A4D4-9EAA-4424-A8D5-014B8CC6AD5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_jaquith:bad_behavior:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0241471A-DC55-470A-87B2-7594FF00AF8B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*", "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en bad-behavior-wordpress-admin.php en el plugin 'Bad Behavior' (mala conducta) antes de v2.0.47 y v2.2.x antes de v2.2.5 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, o (6) el par\u00e1metro reverse_proxy_header.\r\n"}], "id": "CVE-2012-4271", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-08-13T22:55:01.490", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53477"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75521"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75521"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}