CVE-2008-0837 – Search Unleashed <= 0.2.10 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2008-0837

Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Plugin John Godley Search Unleashed 0.2.10 para WordPress, que permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través del parámetro "s", que no se encuentra manejado adecuadamente cuando el administrador revisa el fichero de logs. • http://secunia.com/advisories/28968 http://securityreason.com/securityalert/3674 http://urbangiraffe.com/tracker/issues/show/60 http://www.securityfocus.com/archive/1/488109/100/0/threaded http://www.securityfocus.com/bid/27791 https://exchange.xforce.ibmcloud.com/vulnerabilities/40513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •