WordPress League Manager Plugin <= 3.7

Back

WordPress League Manager Plugin <= 3.7 - Multiple XSS

Product: League Manager
Description: Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "group" parameter in the show-league page.
Solution: Update the plugin.
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References: CVE Mitre
CVE: Name CVE-2012-2912
Versions: Affected In <= 3.7
Fixed In 3.8
Disclosure date: 2012-05-21
Credits: Heine Pedersen