Description

Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea.

Remediation

References

CVE-2008-0617

Related Vulnerabilities

WordPress Plugin FCChat Widget 'Upload.php' Arbitrary File Upload (2.2.13.1)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20520)

MySQL CVE-2014-6551 Vulnerability (CVE-2014-6551)

WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.18.1)

Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)

Severity

Medium

Classification

CVE-2008-0617 CWE-707

Tags

Missing Update Known Vulnerabilities