packetstorm / Jing Wang / PACKETSTORM:129443
History: Dec 09, 2014 - 12:00 a.m.

goYWP WebPress 13.00.06 Cross Site Scripting

2014-12-09 00:00:00
Jing Wang
packetstormsecurity.com

EPSS: 0.001 (percentile: 49.8%)

`*CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities*  
  
Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities  
Product: WebPress  
Vendor: goYWP  
Vulnerable Versions: 13.00.06  
Tested Version: 13.00.06  
Advisory Publication: Dec 09, 2014  
Latest Update: Dec 09, 2014  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: CVE-2014-8751  
Credit: Wang Jing [SPMS, Nanyang Technological University, Singapore]  
  
*Advisory Details:*  
  
*(1) Product*  
"WebPress is the foundation on which we build web sites. It’s our unique  
Content Management System (CMS), flexible enough for us to build your dream  
site, and easy enough for you to maintain it yourself."  
  
  
  
*(2) Vulnerability Details:*  
goYWP WebPress is vulnerable to XSS attacks.  
  
*(2.1)* The first vulnerability is in the "/search.php" page, through the "&search_param" parameter of an HTTP GET request.  
  
*(2.2)* The second vulnerability is in the "/forms.php" (form submission) page, through the "&name", "&address" and "&comment" parameters of an HTTP POST request.  
  
*References:*  
http://tetraph.com/security/cves/cve-2014-8751-goywp-webpress-multiple-xss-cross-site-scripting-security-vulnerabilities/  
http://www.goywp.com/view/cms  
http://www.goywp.com/demo.php  
http://cwe.mitre.org  
http://cve.mitre.org/  
  
  
`
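
For operators of an affected site, the following added example (not part of the original advisory and not vendor code) triages web access logs for markup sent in the "search_param" parameter of "/search.php", the GET vector described in (2.1). It assumes Apache/Nginx combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Dec/2014:10:01:02 +0000] "GET /search.php?search_param=contact+form HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Dec/2014:10:02:10 +0000] "GET /search.php?search_param=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5231 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Dec/2014:10:02:44 +0000] "GET /search.php?search_param=%2522%2520onmouseover%253Dx HTTP/1.1" 200 5198 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Dec/2014:10:03:00 +0000] "POST /forms.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [09/Dec/2014:10:04:15 +0000] "GET /index.php?search_param=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client address, method and request target from a combined-format line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3}')
# HTML metacharacters, javascript: URLs and inline event-handler attributes
MARKUP = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_requests(log_text):
    """Return (client, decoded value) for GET /search.php requests whose
    search_param carries markup. The /forms.php parameters from (2.2) travel
    in the POST body, which access logs do not record, so they need
    application- or WAF-level logging instead."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, method, target = m.groups()
        url = urlsplit(target)
        if method != "GET" or url.path != "/search.php":
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for raw in params.get("search_param", []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((client, value))
    return hits
```

A hit only shows that markup was submitted; whether it was reflected unencoded has to be confirmed against the response or the application code.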
