Thursday, April 12, 2012

HTB23083: CMS Tree Page View Plugin for WordPress XSS vulnerability

CMS Tree Page View (WordPress plugin) version 0.8.8 suffers from cross-site scripting (XSS) vulnerabilities:
Input passed via the "cms_tpv_view" GET parameter to the "wp-admin/options-general.php" script is not properly sanitised before being returned to the user.

Vulnerability ID: HTB23083
Vendor Notification / Patch / Public Disclosure Dates: 21 March / 26 March / 11 April
Vulnerability Type: Cross-Site Scripting (XSS)
Solution Status: Fixed by Vendor
Risk level: Medium
Solution: Upgrade to 0.8.9 or later version
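
For sites that ran 0.8.8, web server access logs can be reviewed for requests that put markup into the affected parameter. The following is an added example, not part of the original advisory or the plugin's code: it flags requests to "wp-admin/options-general.php" whose "cms_tpv_view" value is not a plain identifier. The allow-list pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/wp-admin/options-general.php"  # script named in the advisory
PARAM = "cms_tpv_view"                         # parameter named in the advisory
# Assumption: legitimate view names are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,32}")
# Request line inside a common/combined access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2012:10:00:01 +0000] "GET /wp-admin/options-general.php?page=placeholder&cms_tpv_view=all HTTP/1.1" 200 5120
198.51.100.7 - - [12/Apr/2012:10:00:05 +0000] "GET /wp-admin/options-general.php?page=placeholder&cms_tpv_view=%22%3E%3Ci%3Ex%3C%2Fi%3E HTTP/1.1" 200 5130
198.51.100.7 - - [12/Apr/2012:10:00:09 +0000] "GET /wp-admin/options-general.php?cms_tpv_view=%2522%253E HTTP/1.1" 200 5101
192.0.2.10 - - [12/Apr/2012:10:00:12 +0000] "GET /wp-admin/index.php?cms_tpv_view=%3Cb%3E HTTP/1.1" 200 900
"""

def suspicious_values(log_line):
    """Return decoded cms_tpv_view values in one log line that fail the allow-list."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(TARGET_PATH):
        return []  # parameter is only relevant on the affected script
    hits = []
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        # parse_qs already decoded once; decode twice more to catch
        # double- or triple-encoded input.
        decoded = value
        for _ in range(2):
            decoded = unquote(decoded)
        if not SAFE_VALUE.fullmatch(decoded):
            hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, decoded_value) pairs for every flagged request."""
    return [(number, value)
            for number, line in enumerate(lines, start=1)
            for value in suspicious_values(line)]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG.splitlines()):
        print(f"line {number}: suspicious {PARAM} value {value!r}")
```

A flagged request shows that markup was sent to the parameter, not that it executed in an administrator's browser; the fix remains upgrading to 0.8.9 or later.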
