|
Description
|
|
A weakness and two vulnerabilities have been reported in the JS Hotel plugin for WordPress, which can be exploited by malicious people to disclose certain system information and conduct cross-site scripting attacks.
1) Input passed via the "roomid" GET parameter to wp-content/plugins/js-multihotel/includes/refreshDate.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed via the "src" parameter to wp-content/plugins/js-multihotel/includes/timthumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This may be related to vulnerability #1 in:
SA44126
3) An error in the wp-content/plugins/js-multihotel/includes/timthumb.php script can be exploited to disclose the full installation in an error message.
The weakness and the vulnerabilities are reported in version 2.2.1. Other versions may also be affected.
|
