3 matches found
WordPress Concours 1.1 Cross Site Scripting
Product: WordPress Concours Plugin - https://wordpress.org/plugins/wp-concours/ Vendor: Olyos Tested version: 1.1 CVE ID: CVE-2017-17719 CVE description A cross-site scripting XSS vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web...
WordPress Concours 1.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: WordPress Concours Plugin - https://wordpress.org/plugins/wp-concours/ Vendor: Olyos Tested version: 1.1 CVE ID: CVE-2017-17719 CVE description A cross-site scripting XSS vulnerability in the wp-concours plugin through 1.1 for WordPre...
CVE-2017-17719
CVE-2017-17719 concerns the wp-concours WordPress plugin (versions up to 1.1). The vulnerability is a cross-site scripting (XSS) flaw in wp-concours/includes/concours_page.php: a user-controlled value from $_REQUEST['result_message'] is stored in $message_str and echoed back to the page without p...