Lucene search
WPScanCVELIST:CVE-2023-0937HistoryMar 20, 2023 - 3:52 p.m.
CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS
2023-03-2015:52:18
WPScan
www.cve.org
cve-2023-0937
vk all in one expansion unit
wordpress plugin
reflected cross-site scripting
$_server['request_uri'] parameter
web browsers
0.001 Low
EPSS
Percentile
35.4%
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER[‘REQUEST_URI’] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CNA Affected
[
{
"vendor": "Unknown",
"product": "VK All in One Expansion Unit",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "9.87.1.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Cross site scripting
2023-03-20 16:15:00
nvd
nvd
CVE-2023-0937
2023-03-20 16:15:12
cve
cve
CVE-2023-0937
2023-03-20 16:15:12
wpvulndb
wpvulndb
VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS
2023-02-23 00:00:00
openvas
openvas
WordPress VK All in One Expansion Unit Plugin < 9.87.1.0 XSS Vulnerability
2023-10-16 00:00:00
wpexploit
wpexploit
VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS
2023-02-23 00:00:00
wordfence
wordfence