5 matches found
CVE-2023-40328
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Carrrot plugin = 1.1.0 versions...
CVE-2023-40328
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Carrrot plugin = 1.1.0 versions...
CVE-2023-40328
The CVE-2023-40328 entry concerns Carrrot WordPress plugin versions ≤ 1.1.0, with an authenticated admin+ Stored XSS vulnerability. Root cause: improper handling/escaping of parameters that allows stored XSS when an admin+ user loads the affected page. Impact is described as cross-site scripting ...
CVE-2023-40328 WordPress Carrot Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Carrrot plugin = 1.1.0 versions...
WordPress Carrot Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Carrot Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40328 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4994efcb84ef Credits Prasanna V Balaji Required privile...