CVE-2014-4536 – Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-4536

Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo tests/notAuto_test_ContactService_pauseCampaign.php en el plugin Infusionsoft Gravity Forms versiones anteriores a la versión 1.5.6 para WordPress, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro (1) go, (2) contactId, o (3) campaignId. • http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss http://wordpress.org/plugins/infusionsoft/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •