|Title: Reflected XSS in WordPress plugin bp-gtm-system v1.9.5|
|Author: Larry W. Cashdollar, @_larry0|
|Download Site: https://wordpress.org/plugins/bp-gtm-system|
|Vendor Notified: 2016-02-09|
|Vendor Contact: firstname.lastname@example.org|
|Plugin Name: bp-gtm-system|
There is a reflected XSS vulnerability in the following PHP code, ./bp-gtm-system/bp-gtm-functions.php:

50: <li id="un-<?php echo $_GET['r'] ?>" class="resps-tab">

The variable r appears to send unsanitized data back to the user's browser.
|CVE-ID: Not Released|
The exploit was derived from the appearance of the first vulnerable parameter in the code; there could be more than the one shown above.
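
The pattern from line 50 of bp-gtm-functions.php beside a version that encodes r for the HTML attribute context, as an added example that is not part of the original advisory or the plugin's code. The function names and the sample values are assumptions made for illustration; inside WordPress, esc_attr() would take the place of htmlspecialchars().

```php
<?php
// Added illustration: function names and sample inputs are hypothetical,
// constructed so the snippet runs from the PHP CLI without WordPress.

// Same behaviour as the advisory's line 50: the request value is placed
// inside a double-quoted attribute with no output encoding.
function render_tab_unescaped(array $get): string
{
    return '<li id="un-' . ($get['r'] ?? '') . '" class="resps-tab">';
}

// Hardened form: accept only a string, then encode for attribute context.
function render_tab_escaped(array $get): string
{
    // ?r[]=... makes the value an array; treat anything non-string as empty.
    $r = (isset($get['r']) && is_string($get['r'])) ? $get['r'] : '';

    // ENT_QUOTES encodes both quote characters so the value cannot close
    // the attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string.
    $safe = htmlspecialchars($r, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<li id="un-' . $safe . '" class="resps-tab">';
}

// Constructed, inert sample: a value containing a double quote, which is
// enough to show whether the attribute boundary holds.
$quoted = ['r' => 'x" data-injected="1'];

// Constructed sample for the array case (?r[]=a).
$as_array = ['r' => ['a']];

echo "unescaped: ", render_tab_unescaped($quoted), "\n";
echo "escaped:   ", render_tab_escaped($quoted), "\n";
echo "array in:  ", render_tab_escaped($as_array), "\n";
```

In the unescaped output the sample value ends the id attribute and appears as a second attribute on the element; in the escaped output the quote is emitted as an entity and the whole value stays inside id.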