Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin prior to 1.3 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month, (7) end_year, (8) lang, (9) adults, or (10) children parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
roomcloud roomcloud |