14 lines
No EOL
675 B
Text
14 lines
No EOL
675 B
Text
source: http://www.securityfocus.com/bid/48714/info
|
|
|
|
The bSuite plug-in for WordPress is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
|
|
|
|
Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks may also be possible.
|
|
|
|
bSuite versions 4.0.7 and prior are vulnerable.
|
|
|
|
|
|
The following example URIs are available:
|
|
|
|
http://www.example.com/wordpress/?s=<h2>XSSED</h2>
|
|
|
|
http://www.example.com/wordpress/?p=1&<h1>XSSED</h1> |