Description
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Remediation
References
Related Vulnerabilities
WordPress Plugin CheetahO Image Compression and Optimizer Unspecified Vulnerability (1.4.2.1)
WordPress Plugin WordPress Facebook Multiple Cross-Site Scripting Vulnerabilities (1.0.10)
WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.2.4)
WordPress Plugin Autopilot SEO for WooCommerce Security Bypass (1.5.1)