vendor:
Church_Admin
by:
woodspeed
7.5
CVSS
HIGH
Stored XSS
79
CWE
Product Name: Church_Admin
Affected Version From: 0.8
Affected Version To: 0.8
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:church_admin
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015
WordPress church_admin Stored XSS
On the registration form the address field is not validated before returning it to the user. Visiting the Directory page, will show the confirm window.
Mitigation:
Input validation should be performed on the address field before returning it to the user.