Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.
References
Link | Resource |
---|---|
http://codevigilant.com/disclosure/wp-plugin-wp-guestmap-a3-cross-site-scripting-xss | Exploit |
http://www.securityfocus.com/bid/68403 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-07-02T18:00:00
Updated: 2015-05-12T14:57:00
Reserved: 2014-06-23T00:00:00
Link: CVE-2014-4587
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-07-02T18:55:10.003
Modified: 2015-08-28T16:34:44.867
Link: CVE-2014-4587
JSON object: View
Redhat Information
No data.
CWE