CVE-2015-9356 – Viper GuestBook <= 1.3.15 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2015-9356

20 Apr 2015 — The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. El plugin wp-vipergb versiones anteriores a 1.3.16 para WordPress, tiene una vulnerabilidad de tipo XSS por medio de las funciones add_query_arg() y remove_query_arg(), un problema diferente de CVE-2014-9460. The Viper GuestBook plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.3.15 due to insufficient input sanitization and ... • https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •