- Input passed to the "User-Agent" header parameter it isn't properly sanitised before being returned to the user on 404 or 500 error. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. <br/> <br/> <span class="bb-navy">Confirmed in version MX 7. Other versions may also be affected.</span>
- Contact the vendor for further information.
- WordPress Plugin All Category SEO Updater Cross-Site Scripting (0.2.7)
- Parallels Plesk SSO XML External Entity and Cross-site scripting
- WordPress Plugin XCloner-Backup and Restore Cross-Site Scripting (3.1.2)
- WordPress Plugin Site Reviews Cross-Site Scripting (2.15.2)
- WordPress Plugin Updater by BestWebSoft Cross-Site Scripting (1.34)