2 matches found
CVE-2017-18557
The CVE-2017-18557 entry concerns the WordPress plugin bws-google-maps (BestWebSoft) prior to version 1.3.6, with multiple XSS issues. The connected nuclei template confirms the vulnerability is Cross-Site Scripting and that exploitation would allow authenticated attackers to execute arbitrary Ja...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...