Lucene search
K

5 matches found

Patchstack
Patchstack
added 2023/04/11 12:0 a.m.11 views

WordPress All In One WP Security & Firewall Plugin < 5.1.5 is vulnerable to Cross Site Scripting (XSS)

Software All In One WP Security & Firewall Type Plugin Vulnerable versions 5.1.5 Fixed in 5.1.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0157 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 1a165999b0f3 Credits Bartłomi...

4.8CVSS6AI score0.32462EPSS
Exploits2References3Affected Software1
Circl
Circl
added 2023/04/10 6:32 p.m.7 views

CVE-2023-0157

creationtimestamp| type| source ---|---|--- 2023-04-10 18:32:56+00:00| seen| https://t.me/cibsecurity/61754 2023-09-24 08:26:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5192...

4.8CVSS6.5AI score0.32462EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/04/10 1:18 p.m.9 views

CVE-2023-0157 All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS

The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...

5AI score0.32462EPSS
Exploits2References1
CVE
CVE
added 2023/04/10 1:18 p.m.96 views

CVE-2023-0157

The CVE-2023-0157 entry concerns All-In-One Security (AIOS) for WordPress, where versions prior to 5.1.5 fail to escape log file content before rendering on the plugin’s admin page. This enables an authorized admin+ user to plant log files containing malicious JavaScript that executes in the cont...

4.8CVSS5.4AI score0.32462EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/04/10 1:18 p.m.26 views

CVE-2023-0157 All-In-One Security (AIOS) < 5.1.5 - Admin+ Stored XSS

The All-In-One Security AIOS WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user admin+ to plant bogus log files containing malicious JavaScript code that will be executed in the context of any...

5.5AI score0.32462EPSS
Exploits2References1
Rows per page
Query Builder