Lucene search

K
patchstackAditya BalapurePATCHSTACK:9B663786402EEEF2A8F8853E8E6D4795
HistoryNov 29, 2012 - 12:00 a.m.

WordPress Video Lead Form Plugin - Cross Site Scripting

2012-11-2900:00:00
Aditya Balapure
patchstack.com
8

0.002 Low

EPSS

Percentile

57.1%

WordPress Video Lead Form plugin’s β€œerrMsg” parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible.

Solution

           Update the plugin. 
CPENameOperatorVersion
video lead formle0.5

0.002 Low

EPSS

Percentile

57.1%

Related for PATCHSTACK:9B663786402EEEF2A8F8853E8E6D4795