Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2013-05-10 14:55
Updated : 2017-08-28 18:33
NVD link : CVE-2013-3529
Mitre link : CVE-2013-3529
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
wordpress
- wordpress
smartypantsplugins
- wp-funeral-press