EUVD-2015-3938

Malware in sbrugna...

WordPress plugin Roomcloud 'roomcloud.php' has multiple cross-site scripting vulnerabilities

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Roomcloud is a plugin for online hotel booking. Multiple cross-site scripting vulnerabilities exist in the WordPress plugin Roomcloud 'roomcloud.php', which allow...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 pin, 2 startday, 3 startmonth, 4 startyear, 5 endday, 6 endmonth, 7 endyear, 8 lang, 9 adults, or 10 children...

CVE-2015-3904

Multiple cross-site scripting XSS vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 pin, 2 startday, 3 startmonth, 4 startyear, 5 endday, 6 endmonth, 7 endyear, 8 lang, 9 adults, or 10 children...

WordPress Roomcloud Plugin <= 1.2 - Multiple XSS

Because of these vulnerabilities in roomcloud.php, the attackers can inject arbitrary web script or HTML via 10 parameters: "pin", "lang", "startyear", "startmonth", "startday", "endday", "endmonth", "endyear", "adults", "children". Solution Update the plugin...