CVE-2014-8751

Name of the Vulnerable Software and Affected Versions goYWP WebPress version 13.00.06

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected parameters include search param to the "search.php" endpoint, and name, address, or comment parameters to the "forms.php" endpoint.

Recommendations For goYWP WebPress version 13.00.06, as a temporary workaround, consider validating and sanitizing user input for the search param parameter in "search.php" and the name, address, and comment parameters in "forms.php" to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.