List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| list_site_pro | list_site_pro | 2.0 |