Archive

Archive for July, 2013

CMS Made Simple “X-Forwarded-For” Script Insertion Vulnerability

July 29th, 2013
Comments Off

Application: CMS Made Simple
Affected Version: version 1.11.6 and prior versions.
Vendor’s URL: CMS Made Simple
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.11.7.

Content Management, Cross Site Scripting

WordPress Download Monitor Plugin “p” and “sort” Cross-Site Scripting

July 29th, 2013
Comments Off

Application: WordPress
Affected Version: version 3.3.6.1 and prior versions.
Vendor’s URL: Download Monitor Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 3.3.6.2.

Content Management, Cross Site Scripting

WordPress Citizen Space Plugin Cross-Site Request Forgery

July 29th, 2013
Comments Off

Application: WordPress
Affected Version: version 1.0 and prior versions.
Vendor’s URL: Citizen Space Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.1.

Content Management, Cross Site Scripting

WordPress WooCommerce Plugin “calc_shipping_state” Script Insertion

July 29th, 2013
Comments Off

Application: WordPress
Affected Version: version 2.0.12 and prior versions.
Vendor’s URL: WooCommerce Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 2.0.13.

Content Management, Cross Site Scripting

Joomla! Googlemaps Plugin “url” Cross-Site Scripting Vulnerability

July 29th, 2013
Comments Off

Application: Joomla!
Affected Version: versions 2.18 and 3.0 and other versions.
Vendor’s URL: Googlemaps Plugin
Bug Type: Cross-Site Scripting
Risk Level: Medium

Solution:
Update to version 2.19 or 3.1.

Content Management, Cross Site Scripting

WordPress Pie Register Plugin Two Cross-Site Scripting Vulnerabilities

July 29th, 2013
Comments Off

Application: WordPress
Affected Version: version 1.30 and other versions.
Vendor’s URL: Pie Register Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting

WordPress Search ‘N Save Plugin Path Disclosure and Cross-Site Scripting Vulnerabilities

July 29th, 2013
Comments Off

Application: WordPress
Affected Version:
Vendor’s URL: Search ‘N Save Plugin
Bug Type: Path Disclosure and Cross-Site Scripting
Risk Level: Medium

Solution:
No official solution is currently available.

Content Management, Cross Site Scripting, Information Disclosure

PrestaShop TinyMCE Script Insertion Vulnerability

July 29th, 2013
Comments Off

Application: PrestaShop
Affected Version: versions 1.4.10.0 and 1.5.4.1 and other versions.
Vendor’s URL: TinyMCE Script
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to a fixed version if available.

Cross Site Scripting, E-Commerce