Description
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
Remediation
References
Related Vulnerabilities
WordPress Improper Input Validation Vulnerability (CVE-2018-20152)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)
WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0)
WordPress Plugin FormCraft-Premium WordPress Form Builder Cross-Site Scripting (3.2.31)
WordPress Plugin Leaflet Maps Marker Pro Multiple Vulnerabilities (1.5.7)