Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

No description provided by source. WP FuneralPress - stored xss in guestbook FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious...

CVE-2013-3529

Multiple cross-site scripting XSS vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 message, 2 photo-message, or 3 youtube-message parameter...

Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

Exploit for php platform in category web applications A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...