Description

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea.

Remediation

References

CVE-2008-0617

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0309)

WordPress Plugin WP Bannerize 'ajax_sorter.php' SQL Injection (2.8.7)

Oracle Application Server Other Vulnerability (CVE-2002-0655)

Atlassian Jira CVE-2020-36237 Vulnerability (CVE-2020-36237)

Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.8)

Severity

Medium

Classification

CVE-2008-0617 CWE-707

Tags

Missing Update Known Vulnerabilities