3 matches found
CVE-2016-1000145
Reflected XSS in wordpress plugin pondol-carousel v1.0...
CVE-2016-1000145
Reflected XSS in wordpress plugin pondol-carousel v1.0...
CVE-2016-1000145
CVE-2016-1000145 affects the WordPress pondol-carousel plugin (v1.0). The vulnerability is a Cross-Site Scripting (XSS) flaw in the plugin’s admin flow, traced to unsanitized data in the variable like itemid being sent back to the user’s browser (admin_create.php). This can allow an attacker to i...