ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Slimstat Plugin <= 3.9.1 - XSS

Product
Slimstat Analytics
Description
This vulnerability is in the Save Filters functionality. It allows the attackers to inject arbitrary web script or HTML via the "fs[resource]" parameter.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2015-1204
Versions
Affected In <= 3.9.1
Fixed In 3.9.2
Disclosure date
2015-01-21
Submitter
ThreatPress