Highlight Security Vulnerabilities

CVE-2023-33187

Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password HTML input is switched to type="text" via a JavaScript "Show Password" button. This differs from the expected behavior, which always obfuscates type="password" inputs.....

CVSS: 6.5, AI Score: 6.4, EPSS: 0.001

2023-05-26 09:15 PM

CVE-2022-3462

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVSS: 4.8, AI Score: 4.7, EPSS: 0.001

2022-11-07 10:15 AM

CVE-2021-24591

The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

CVSS: 5.4, AI Score: 5.1, EPSS: 0.001

2021-09-06 11:15 AM