Cross site scripting

2023-03-2016:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

stored attacks

wordpress

0.001 Low

EPSS

Percentile

23.5%

JSON

The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CPENameOperatorVersion
smart_logo_showcase_liteeq1.1.7
smart_logo_showcase_liteeq1.1.9
smart_logo_showcase_liteeq1.1.8
smart_logo_showcase_liteeq1.1.6
smart_logo_showcase_liteeq1.1.5
smart_logo_showcase_liteeq1.1.4
smart_logo_showcase_liteeq1.1.3
smart_logo_showcase_liteeq1.1.2
smart_logo_showcase_liteeq1.1.1
smart_logo_showcase_liteeq1.1.0

Name	Operator	Version
smart_logo_showcase_lite	eq	1.1.7
smart_logo_showcase_lite	eq	1.1.9
smart_logo_showcase_lite	eq	1.1.8
smart_logo_showcase_lite	eq	1.1.6
smart_logo_showcase_lite	eq	1.1.5
smart_logo_showcase_lite	eq	1.1.4
smart_logo_showcase_lite	eq	1.1.3
smart_logo_showcase_lite	eq	1.1.2
smart_logo_showcase_lite	eq	1.1.1
smart_logo_showcase_lite	eq	1.1.0

Rows per page:

1-10 of 201

References

wpscan.com/vulnerability/cdcd3c2c-cb29-4b21-8d3d-7eafbc1d3098

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for PRION:CVE-2023-0175