CVE-2012-2570 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/54635/info The chenpress plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. http://www.example.com/wp-content/plugins/chenpress/FCKeditor/editor/filemanager/browser/mcpuk/browser.html

###################################################################################### # Exploit Title: X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability # Date: Jul 21 2012 # Author: muts # Version: X-Cart Gold 4.5 # Vendor URL: http://www.x-cart.com/ ###################################################################################### X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "products_map.php" is vulnerable to XSS and can be bypassed by using HTML anchor methods and URL encoding. Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012 21 Jul 2012: Public Disclosure PoC: http://victim/xcart/products_map?symb=%22%20onmousemove=javascript:eval%28unescape%28%26quot%3balert%28%22xss%22%29%3B%26quot%3B%29%29%3EAAAAAA