"History Viewer Look & Feel" in the latest version of Dooodl is vulnerable to persistent XSS.
All forms available at wp-admin/admin.php?page=dooodl_gallery_layout&settings-updated=true
are vulnerable to XSS attacks.
Mitigation: add input filtering for the parameters labelled:
Body backgroundcolor, Dooodl item backgroundcolor, Link backgroundcolor, Link textcolor,
Title textcolor, General textcolor, Title backgroundcolor, Intro backgroundcolor, Intro textcolor.
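
One way to implement the filtering recommended above, as an added example that is not Dooodl's own code: allow-list validation of colour values on save, plus escaping on output. The field keys, defaults and function names are hypothetical, and only five of the nine fields are shown.

```php
<?php
// Added example, not Dooodl's code. Field keys and defaults are hypothetical
// stand-ins for the colour settings listed in the advisory.
const COLOR_FIELDS = [
    'body_bg'  => '#ffffff',   // Body backgroundcolor
    'item_bg'  => '#eeeeee',   // Dooodl item backgroundcolor
    'link_bg'  => '#000000',   // Link backgroundcolor
    'link_fg'  => '#ffffff',   // Link textcolor
    'title_fg' => '#000000',   // Title textcolor
];

/** Return a normalised #rgb / #rrggbb value, or null if the input is anything else. */
function clean_hex_color($value): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    // Anchor with \A and \z so nothing may precede or follow the colour.
    return preg_match('/\A#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\z/', $value) === 1
        ? strtolower($value)
        : null;
}

/** Validate on save: keep only known keys, replace invalid values with defaults. */
function sanitize_color_settings(array $input): array
{
    $clean = [];
    foreach (COLOR_FIELDS as $key => $default) {
        $clean[$key] = clean_hex_color($input[$key] ?? null) ?? $default;
    }
    return $clean;
}

/** Escape on output as well, so values stored before the fix stay inert. */
function render_color_input(string $key, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        htmlspecialchars($key, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample submission: one valid value, one carrying markup.
$saved = sanitize_color_settings(['body_bg' => '#A1B2C3', 'link_fg' => '"><b>x</b>']);
echo render_color_input('link_fg', $saved['link_fg']), "\n";
```

Inside WordPress, the core functions sanitize_hex_color() and esc_attr() cover the same validation and escaping steps.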