CVE-2010-4402

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
devbitsregister-plus
𝑥
≤ 3.5.1
devbitsregister-plus
1.1
devbitsregister-plus
1.2
devbitsregister-plus
2.0
devbitsregister-plus
2.1
devbitsregister-plus
2.2
devbitsregister-plus
2.3
devbitsregister-plus
2.4
devbitsregister-plus
2.5
devbitsregister-plus
2.6
devbitsregister-plus
2.7
devbitsregister-plus
2.8
devbitsregister-plus
2.9
devbitsregister-plus
3.0
devbitsregister-plus
3.0.1
devbitsregister-plus
3.0.2
devbitsregister-plus
3.1
devbitsregister-plus
3.2
devbitsregister-plus
3.3
devbitsregister-plus
3.4
devbitsregister-plus
3.4.1
devbitsregister-plus
3.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://osvdb.org/69491
http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt
http://secunia.com/advisories/42360
http://websecurity.com.ua/4539
http://www.securityfocus.com/archive/1/514903/100/0/threaded
http://www.securityfocus.com/bid/45057
http://osvdb.org/69491
http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt
http://secunia.com/advisories/42360
http://websecurity.com.ua/4539
http://www.securityfocus.com/archive/1/514903/100/0/threaded
http://www.securityfocus.com/bid/45057