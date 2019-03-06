Search
Vulnérabilités

Vigil@nce - WordPress Blog2Social: Cross Site Scripting

May 2019 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/offer/Computer...

SYNTHESIS OF THE VULNERABILITY

An attacker can trigger a Cross Site Scripting of WordPress Blog2Social, in order to run JavaScript code in the context of the web site.

Impacted products: WordPress Plugins not comprehensive.

Severity: 2/4.

Consequences: client access/rights.

Provenance: document.

Confidence: confirmed by the editor (5/5).

Creation date: 06/03/2019.

DESCRIPTION OF THE VULNERABILITY

The Blog2Social plugin can be installed on WordPress.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of WordPress Blog2Social, in order to run JavaScript code in the context of the web site.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...




