|
Description
|
|
Two vulnerabilities have been discovered in the WP Forum Server plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "groupid" parameter in wp-admin/admin.php (when "page" is set to "forum-server/fs-admin/fs-admin.php", "vasthtml_action" is set to "structure", and "do" is set to "editgroup") and "usergroup_id" in wp-admin/admin.php (when "page" is set to "forum-server/fs-admin/fs-admin.php", "vasthtml_action" is set to "usergroups", and "do" is set to "edit_usergroup") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 1.7.3 and confirmed in version 1.6.9. Other versions may also be affected.
|
