Donations
News
About
Support
Security
Screen shots
Download
Plugins
Documentation
Sponsors
Bounties
Junk Email Filter
|
Security
Cross-site scripting vulnerability in the Autocomplete plugin
- Date:
- 2012-03-09
- Description:
- A malicious user that can convince any other user to add some specially-formatted contact details into the victim's address book would have the ability to run script code in the victim's browser, potentially exposing the victim's account or account data to the attacker.
- Affected Versions:
- < 3.0
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- CVE-2012-0323
- Patch:
- n/a
- Credits:
- Masaki Konishi & JPCERTT/CC
- This page last updated:
- 2012-03-09 00:00:00
|