Description
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Remediation
References
Related Vulnerabilities
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000862)
WordPress Plugin YITH Maintenance Mode Multiple Cross-Site Scripting Vulnerabilities (1.3.8)
WordPress Plugin Google Authenticator-Per User Prompt Timing Attack (0.6)
Oracle JRE CVE-2014-0451 Vulnerability (CVE-2014-0451)
WordPress Plugin 360 Product Rotation Cross-Site Scripting (1.4.7)