CVE-2015-1383

Currently unrated

Key Information:

Vendor: Wordpress
Status: Geo Mashup
Vendor: CVE Published:; 2 February 2015

Summary

Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.

References

http://seclists.org/fulldisclosure/2015/Jan/113

mailing-listx_refsource_FULLDISC

https://wordpress.org/plugins/geo-mashup/changelog/

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2015/01/27/26

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Feb 2, 2015
Vulnerability Reserved
Jan 27, 2015