4 matches found
CVE-2011-5257
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitterid parameter related to the Twitter widget and (2) facebookid parameter related to the Facebook widget...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitterid parameter related to the Twitter widget and (2) facebookid parameter related to the Facebook widget...
CVE-2011-5257
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitterid parameter related to the Twitter widget and (2) facebookid parameter related to the Facebook widget...
Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets)
This is a follow-up to [0] and [1]. Last night, I wrote: It would probably be an interesting exercise to go through some more dashboard widgets and grep for eval. I'd bet quite a bit that there's much more out there. - The top-50 facebook widget [2] uses the AllowFullAccess configuration option, which...