Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin prior to 1.1.2.test20160906, (2) dataBox plugin prior to 0.0.0.20160906, and (3) userBox plugin prior to 0.0.0.20160906 for Geeklog allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
databox project databox plugin |
||
userbox project userbox plugin |
||
assist project assist plugin |