The Advanced Image Sitemap WordPress plugin up to and including 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
advanced image sitemap project advanced image sitemap |