CVE-2014-4527

2014-07-02T18:55:00
ID CVE-2014-4527
Type cve
Reporter cve@mitre.org
Modified 2014-07-11T17:59:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.