
Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities

Description

The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues:

- Unauthenticated Reflected XSS | Search query, vulnerable parameter(s): keyword_search and location_search
- Authenticated Persistent XSS & XFS | Booking confirmation, vulnerable parameter(s): firstname, lastname, email, phone and message
- Authenticated Persistent XSS & XFS | Personal messages: action=listeo_send_message&recipient=&referral=author_archive&message=
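
A log-review sketch for the reflected Search case above, added here as an example and not code from the theme or from this advisory: it flags requests whose keyword_search or location_search value carries markup once percent-encoding, including double encoding, is undone. The combined access-log format, the indicator pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Reflected parameters named in the advisory (Search page).
SEARCH_PARAMS = ("keyword_search", "location_search")
# Assumed indicator set: tag/attribute breakout characters, script URLs, event handlers.
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(url):
    """Return {param: decoded_value} for search parameters carrying markup."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    hits = {}
    for name in SEARCH_PARAMS:
        for raw in query.get(name, []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits[name] = value
    return hits


def scan(lines):
    """Yield (line_number, hits) for access-log lines worth reviewing."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            yield number, hits


# Constructed sample log lines (not taken from any real site).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /?keyword_search=pizza&location_search=Berlin HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2021:10:00:05 +0000] "GET /?keyword_search=%3Cscript%3Ealert(1)%3C%2Fscript%3E&location_search=Berlin HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Jan/2021:10:00:09 +0000] "GET /?keyword_search=cafe&location_search=%253Ciframe%2520src%253D%2F%2Fexample.invalid%253E HTTP/1.1" 200 5290',
    '203.0.113.5 - - [01/Jan/2021:10:00:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2100',
]
```

The persistent cases (booking confirmation and personal messages) are not covered by this check, which looks only at the query string of logged requests.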

