Archive for May, 2012

Vanilla Forums FirstLastNames Plugin Profile Two Script Insertion Vulnerabilities

May 30th, 2012

Application: Vanilla Forums
Affected Version: version 1.3.2 and other versions.
Vendor’s URL: FirstLastNames Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

Vanilla Forums LatestComment Plugin Discussion Title Script Insertion

May 30th, 2012

Application: Vanilla Forums
Affected Version: version 1.1 and other versions.
Vendor’s URL: LatestComment Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

Vanilla Forums AboutMe Plugin Multiple Script Insertion

May 30th, 2012

Application: Vanilla Forums
Affected Version: version 1.1.1
Vendor’s URL: AboutMe Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitised.

Cross Site Scripting, Discussion Boards

WordPress WassUp Plugin “User-Agent” HTTP Header Script Insertion

May 30th, 2012

Application: WordPress
Affected Version: version 1.8.3 and prior versions.
Vendor’s URL: WassUp Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 1.8.3.1.

Content Management, Cross Site Scripting

Joomla! JCE Component Cross-Site Scripting and Arbitrary File Upload

May 30th, 2012

Application: Joomla!
Affected Version: version 2.0.21 or prior versions.
Vendor’s URL: JCE Component
Bug Type: Cross-Site Scripting and Arbitrary File Upload
Risk Level: Critical

Solution:
Update to version 2.1.0.

Content Management, Cross Site Scripting, File Inclusion

Jaow CMS “add_ons” SQL Injection

May 30th, 2012

Application: Jaow CMS
Affected Version: version 2.4.4 and other versions.
Vendor’s URL: Jaow CMS
Bug Type: SQL Injection
Risk Level: Critical

Solution:
Update to version 2.4.6.

Content Management, SQL Injection

WordPress Profile Builder Plugin Recover Password Security Bypass Vulnerability

May 30th, 2012

Application: WordPress
Affected Version: version 1.1.24
Vendor’s URL: Profile Builder Plugin
Bug Type: Security Bypass
Risk Level: Critical

Solution:
Update to version 1.1.26.

Access Bypass, Content Management