CVE-2015-2807 – Navis DocumentCloud < 0.1.1 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-2807

Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. Vulnerabilidad de XSS en js/windows.php en el plugin Navis DocummentCloud en versiones anteriores a 0.1.1 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro wpbase. WordPress Navis DocumentCloud plugin version 0.1 suffers from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/133350/WordPress-Navis-DocumentCloud-0.1-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Aug/78 https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud https://wordpress.org/plugins/navis-documentcloud/changelog https://wpvulndb.com/vulnerabilities/8164 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •