Cross-Site Scripting Vulnerabilities in DMSGuestbook Plugin for WordPress
CVE-2008-0617

Currently unrated

Key Information:

Vendor: Wordpress
Status: Dmsguestbook
Vendor: CVE Published:; 6 February 2008

Summary

The DMSGuestbook 1.7.0 plugin for WordPress is affected by multiple Cross-Site Scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web scripts or HTML into the application. Exploitation occurs through the 'file' parameter in wp-admin/admin.php, the 'messagefield' parameter on the guestbook page, and the 'title' parameter in the message area. This vulnerability can lead to unauthorized access and potentially harmful activities on affected WordPress sites.

References

http://www.securityfocus.com/bid/27575

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/3615

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/487437/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 6, 2008
Vulnerability Reserved
Feb 5, 2008