Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs.....
6.5CVSS
6.4AI Score
0.001EPSS
The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.7AI Score
0.001EPSS
The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
5.4CVSS
5.1AI Score
0.001EPSS