|
| Description: | | Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/. |
|
| Impact: | | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. |
|
| Affected OS: | | Network Device, Solaris, FreeBSD, Windows, Other Unix, Linux |
|
| Reference: | | SecurityFocusBID:54311
|
|