XSS vulnerability in the admin dashbord
-
This plugin is open to a Persistent Cross-Site Scripting vulnerability due to a lack of input validation and output sanitation of the name, message and message fields.
Just by adding
<script>alert('XSS');</script>
to any of the fields listed above will cause an alert box to pop up when viewing the Entries page in the admin dashboard.
- The topic ‘XSS vulnerability in the admin dashbord’ is closed to new replies.