Description

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

CVE-2008-0618

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4940)

OpenSSL Improper Certificate Validation Vulnerability (CVE-2019-1552)

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7829)

OpenSSL 7PK - Security Features Vulnerability (CVE-2015-1793)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26034)

Severity

Medium

Classification

CVE-2008-0618 CWE-707

Tags

Missing Update Known Vulnerabilities