2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the newTwittersignbutton function in nextend-Twitter-connect.php in the Nextend Twitter Connect plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter. NOTE: this may overlap...
CVE-2015-4413
Cross-site scripting XSS vulnerability in the newfbsignbutton function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirectto parameter...