EUVD-2013-3464

Malware in sbrugna...

FuneralPress 1.1.6 - Stored XSS

The wp-funeral-press WordPress plugin was affected by a Stored XSS security vulnerability...

Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

No description provided by source. WP FuneralPress - stored xss in guestbook FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious...

CVE-2013-3529

Multiple cross-site scripting XSS vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 message, 2 photo-message, or 3 youtube-message parameter...

CVE-2013-3529

The CVE concerns the WP FuneralPress WordPress plugin, affecting version(s) before 1.1.7. The vulnerability is a Cross-Site Scripting (XSS) in the file path user/obits.php, where the parameters (message, photo-message, youtube-message) can be exploited to inject arbitrary script/HTML. Root cause:...

WordPress FuneralPress Plugin 1.1.6 - Persistent XSS

FuneralPress plugin is prone to a persistent cross-site scripting vulnerabilities. These vulnerabilities allow attackers to host malicious Javascript on another site, enter a path to a local image in , if Photo was selected. Also, attackers can submit the form with the following entered into...

WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting

WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 /...

Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

Exploit for php platform in category web applications A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...

WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting

WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious script execution as wordpress...

WordPress FuneralPress 1.1.6 Cross Site Scripting

WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious script execution as wordpress...