A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin prior to 1.2.2 for WordPress allows unauthenticated remote malicious users to inject arbitrary JavaScript via the tccj-content parameter. This is displayed in the page footer of every front-end page and executed in the browser of visitors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tc custom javascript project tc custom javascript |