Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lussumo vanilla 1.1.1 |
||
lussumo vanilla 1.1.2 |
||
lussumo vanilla 1.0.1 |
||
lussumo vanilla 1.0.2 |
||
lussumo vanilla |
||
lussumo vanilla 1.0.3 |
||
lussumo vanilla 1.1 |
||
lussumo vanilla 0.9.2 |
||
lussumo vanilla 1 |
||
lussumo vanilla 1.1.3 |
||
lussumo vanilla 1.1.4 |