Cross site scripting

2021-11-0818:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

24.8%

JSON

The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CPENameOperatorVersion
booking.com_product_helperlt1.0.2

CPE	Name	Operator	Version
	booking.com_product_helper	lt	1.0.2

References

wpscan.com/vulnerability/b15744de-bf56-4e84-9427-b5652d123c15

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for PRION:CVE-2021-24645