Thursday, 20 December 2012

[EN] Dooodl (1.1.4) XSSed

The "History Viewer Look & Feel" settings page in the latest Dooodl (1.1.4) is vulnerable to persistent XSS.

All forms available at wp-admin/admin.php?page=dooodl_gallery_layout&settings-updated=true
are vulnerable to XSS.

To fix this, add filtering of user input for the parameters labelled:
Body backgroundcolor, Dooodl item backgroundcolor, Link backgroundcolor, Link textcolor,
Title textcolor, General textcolor, Title backgroundcolor, Intro backgroundcolor, Intro textcolor
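
One way to apply this filtering, as an added example that is not Dooodl's own code: validate each color value against a hex-color allow-list when the settings are saved, and escape it again on output. The option keys are hypothetical (derived from the field labels above) and the fields are assumed to expect #rgb or #rrggbb values; inside WordPress, sanitize_hex_color() and esc_attr() fill the same roles.

```php
<?php
// Added example. Option keys are hypothetical, derived from the field labels.
const COLOR_FIELDS = [
    'body_backgroundcolor', 'item_backgroundcolor', 'link_backgroundcolor',
    'link_textcolor', 'title_textcolor', 'general_textcolor',
    'title_backgroundcolor', 'intro_backgroundcolor', 'intro_textcolor',
];

/** Return $value only if it is a #rgb or #rrggbb color; otherwise $fallback. */
function sanitize_color($value, string $fallback = '#ffffff'): string
{
    if (!is_string($value)) {
        return $fallback;
    }
    $value = trim($value);
    // \A and \z anchor the whole string, so nothing may follow the color.
    $ok = preg_match('/\A#(?:[0-9a-fA-F]{3}){1,2}\z/', $value) === 1;
    return $ok ? strtolower($value) : $fallback;
}

/** Validate on save: keep only the known keys, each reduced to a color. */
function sanitize_layout_settings(array $input): array
{
    $clean = [];
    foreach (COLOR_FIELDS as $key) {
        $clean[$key] = sanitize_color($input[$key] ?? null);
    }
    return $clean;
}

/** Escape on output too, so values stored before the fix stay inert. */
function render_color_input(string $key, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        htmlspecialchars($key, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample submission: a valid color, a value carrying markup,
// and a key that is not one of the settings.
$submitted = [
    'body_backgroundcolor' => '#1A2b3C',
    'link_textcolor'       => '#fff"><b>x</b>',
    'unexpected_key'       => 'ignored',
];
$clean = sanitize_layout_settings($submitted);
echo $clean['body_backgroundcolor'], "\n";
echo $clean['link_textcolor'], "\n";
echo render_color_input('link_textcolor', $submitted['link_textcolor']), "\n";
```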
