CVE-2008-1061 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php (b) notice.php and (c) inset.php in view/sniplets/ and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
Reference
http://secunia.com/advisories/29099 http://securityreason.com/securityalert/3706 http://www.securityfocus.com/archive/1/488734/100/0/threaded http://www.securityfocus.com/bid/27985 https://exchange.xforce.ibmcloud.com/vulnerabilities/40830 https://www.exploit-db.com/exploits/5194 Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php (b) notice.php and (c) inset.php in view/sniplets/ and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
Share on: