WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0618)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Remediation

References

Related Vulnerabilities

WordPress Plugin O2Tweet Cross-Site Request Forgery (0.0.4)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-32074)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Multiple Cross-Site Scripting Vulnerabilities (2.1.2)

ownCloud Credentials Management Errors Vulnerability (CVE-2012-5607)

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

Severity

Medium

Classification

CVE-2008-0618 CWE-707

Tags

Missing Update Known Vulnerabilities