CVE-2014-4528

Name of the Vulnerable Software and Affected Versions Bugs Go Viral : Facebook Promotion Generator (fbpromotions) plugin versions 1.3.4 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the promo type, fb edit action, or promo id parameters in the admin/swarm-settings.php file.

Recommendations For versions 1.3.4 and earlier, update to a version later than 1.3.4 to resolve the issue. As a temporary workaround, consider restricting access to the admin/swarm-settings.php file and avoid using the promo type, fb edit action, or promo id parameters until a patch is available.