{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://websecurity.com.ua/4539"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt"}, {"name": "45057", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45057"}, {"name": "42360", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42360"}, {"name": "69491", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69491"}, {"name": "20101125 [Suspected Spam]Vulnerabilities in Register Plus for WordPress", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/514903/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2010-4402", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://websecurity.com.ua/4539", "refsource": "MISC", "url": "http://websecurity.com.ua/4539"}, {"name": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt"}, {"name": "45057", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45057"}, {"name": "42360", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42360"}, {"name": "69491", "refsource": "OSVDB", "url": "http://osvdb.org/69491"}, {"name": "20101125 [Suspected Spam]Vulnerabilities in Register Plus for WordPress", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/514903/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:43:14.597Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://websecurity.com.ua/4539"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt"}, {"name": "45057", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45057"}, {"name": "42360", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42360"}, {"name": "69491", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/69491"}, {"name": "20101125 [Suspected Spam]Vulnerabilities in Register Plus for WordPress", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/514903/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4402", "datePublished": "2010-12-04T23:00:00", "dateReserved": "2010-12-04T00:00:00", "dateUpdated": "2024-08-07T03:43:14.597Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devbits:register-plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "6552E1A6-58B3-44A0-B8C2-7F16DEAAF281", "versionEndIncluding": "3.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A785432C-7E48-4D3E-85E5-FAD1EB2EA835", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F270C0A4-627C-4289-8CDD-C8F0A7565912", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1496B674-12AD-4D0E-99F1-8AD5D2451B24", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "468B47F9-EE0D-4804-BCDC-E160D00E5900", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "24DEC831-FF90-44A9-A4D7-4CD559F6DD36", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7EA353B-05A2-4E0D-8DE4-8364410E2B65", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99FAE76-2353-48C4-83CE-B68D26DDC6CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E4311912-12D9-4E9E-B058-FBB6EC683FAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "11546D3A-A75F-467A-BC94-DBF9A9E5D1C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "25669008-3609-47C5-A543-BF05BB29C029", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "7FEF74AA-4802-4F89-B737-2006D2FDBE77", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:2.9:*:*:*:*:*:*:*", "matchCriteriaId": "6B62FCF7-8FC0-4F23-897E-7EED0152216B", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F09EB82-A255-457A-B559-F2D3F553BB75", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6026F9B0-CD99-409C-975C-CFFC82FE61FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "72E04912-36F0-4CAA-861B-A12E567FF76D", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "71C3F956-22BD-4E49-95CD-05484CB30C2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "1E647DD6-4D02-4309-9F64-711265FEB501", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "34A89008-87B5-4449-90C4-962453E0F224", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "4153EDD3-F684-495E-ACDF-B9CEEBBDE91E", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "01E6D21C-733C-49AD-A84D-FF057A18B2CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:devbits:register-plus:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "651E275A-3405-46A6-B9CF-16B071D16C66", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Register Plus plugin 3.5.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1, and (9) pass2 parameters in a register action."}, {"lang": "es", "value": "Multiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en wp-login.php del complemento Register Plus 3.5.1 y versiones anteriores de WordPress. Permiten a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) firstname, (2) lastname, (3) website, (4) aim, (5) yahoo, (6) jabber, (7) about, (8) pass1 y (9) pass2 de una acci\u00f3n de registro."}], "id": "CVE-2010-4402", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-12-06T13:37:32.127", "references": [{"source": "[email protected]", "url": "http://osvdb.org/69491"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42360"}, {"source": "[email protected]", "tags": ["Exploit"], "url": "http://websecurity.com.ua/4539"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/514903/100/0/threaded"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/45057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/69491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/view/96143/registerplus-xss.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42360"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://websecurity.com.ua/4539"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/514903/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45057"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}