Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mikejolley | download_monitor | 1.0.4 |
| mikejolley | download_monitor | 1.0.1 |
| mikejolley | download_monitor | 1.0.2 |
| mikejolley | download_monitor | 1.0.3 |
| mikejolley | download_monitor | 1.0.5 |
| mikejolley | download_monitor | * |
| mikejolley | download_monitor | 1.0.0 |
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mikejolley | download_monitor | 1.0.4 |
| mikejolley | download_monitor | 1.0.1 |
| mikejolley | download_monitor | 1.0.2 |
| mikejolley | download_monitor | 1.0.3 |
| mikejolley | download_monitor | 1.0.5 |
| mikejolley | download_monitor | * |
| mikejolley | download_monitor | 1.0.0 |