5 matches found
WordPress All In One WP Security & Firewall Plugin < 5.1.5 is vulnerable to Cross Site Scripting (XSS)
Software All In One WP Security & Firewall Type Plugin Vulnerable versions 5.1.5 Fixed in 5.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0157 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1a165999b0f3 Credits Bartłomi...
CVE-2023-0157
creationtimestamp| type| source ---|---|--- 2023-04-10 18:32:56+00:00| seen| https://t.me/cibsecurity/61754 2023-09-24 08:26:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5192...
CVE-2023-0157 All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...
CVE-2023-0157
The CVE-2023-0157 entry concerns All-In-One Security (AIOS) for WordPress, where versions prior to 5.1.5 fail to escape log file content before rendering on the plugin’s admin page. This enables an authorized admin+ user to plant log files containing malicious JavaScript that executes in the cont...
CVE-2023-0157 All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS
The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...