ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Smart Flv Plugin - Multiple Cross Site Scripting Vulnerabilities

Product
Smart Flv
Description
Smart Flv plugin is prone to multiple cross-site scripting vulnerabilities because of failure to properly clean up user-supplied input. It allows an attacker to execute arbitrary script code in the browser of an user in the context of the affected site. Other attacks are also possible.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-2013-1765
Versions
Affected In 1.0
Fixed In 1.1
Disclosure date
2013-02-25
Credits
Henri Salo