CVE-2015-4413

Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:nextendweb:facebook_connect:*:*:*:*:*:wordpress:*:*

Information

Published : 2015-06-24 07:59

Updated : 2019-06-25 10:18


NVD link : CVE-2015-4413

Mitre link : CVE-2015-4413


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

nextendweb

  • facebook_connect