Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. WordPress ME for XOOPS: crossite scripting...

Cross-Site Scripting vulnerabilities in WordPress ME for XOOPS

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в плагине WordPress ME для XOOPS. XSS: POST запрос на странице http://site/modules/wordpress/wp-comments-post.php "scriptalertdocument.cookie/script В параметрах: author, comment, privatekey и back. Эксплоит:...