3 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through 1.13.12. The Geo Mashup plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.13.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/geo-mashup/wordpress-geo-mashup-plugin-1-13-12-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input. El plugin Geo Mashup en versiones anteriores a la 1.10.4 para WordPress tiene un saneamiento insuficiente de post editor y otras entradas del usuario. • https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f https://github.com/cyberhobo/wordpress-geo-mashup/issues/817 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. Vulnerabilidad de XSS en el Widget 'geo search' en el plugin Geo Mashup anterior a 1.8.3 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la clave de búsqueda. WordPress Geo Mashup plugin versions 1.8.2 and below suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2015/Jan/113 http://www.openwall.com/lists/oss-security/2015/01/27/26 https://wordpress.org/plugins/geo-mashup/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •