CVE-2012-3434

EUVD-2012-3401
Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
tom_braidercount_per_day
𝑥
≤ 3.1
tom_braidercount_per_day
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://plugins.trac.wordpress.org/changeset/571926/count-per-day
http://secunia.com/advisories/49692
http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt
http://www.openwall.com/lists/oss-security/2012/07/24/4
http://www.openwall.com/lists/oss-security/2012/07/27/2
http://www.osvdb.org/83491
http://www.tomsdimension.de/wp-plugins/count-per-day
http://plugins.trac.wordpress.org/changeset/571926/count-per-day
http://secunia.com/advisories/49692
http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt
http://www.openwall.com/lists/oss-security/2012/07/24/4
http://www.openwall.com/lists/oss-security/2012/07/27/2
http://www.osvdb.org/83491
http://www.tomsdimension.de/wp-plugins/count-per-day