Podatność CVE-2023-2624


Publikacja: 2023-06-27

Opis:
The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Low
WordPress KiviCare 3.2.0 Cross Site Scripting
Arvandy
05.10.2023

Typ:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 Referencje:
https://wpscan.com/vulnerability/dc3a841d-a95b-462e-be4b-acaa44e77264

Copyright 2024, cxsecurity.com

 

Back to Top