CVE-2012-3434 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page (2) datemin or (3) datemax parameter.

Reference

http://plugins.trac.wordpress.org/changeset/571926/count-per-day http://secunia.com/advisories/49692 http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt http://www.openwall.com/lists/oss-security/2012/07/24/4 http://www.openwall.com/lists/oss-security/2012/07/27/2 http://www.osvdb.org/83491 http://www.tomsdimension.de/wp-plugins/count-per-day