CVE-2012-0901

Description

Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

Affected products

• attenzione / yousaytoo1.0 – 1.0

Exploits & PoCs

• nucleiYouSayToo auto-publishing 1.0 - Cross-Site Scriptingby daffainfo

References

• EXPLOIThttp://packetstormsecurity.org/files/view/108470/wpystap-xss.txt
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/72271