3 matches found
CVE-2021-24787
The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24787 Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting
The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24787
CVE-2021-24787 affects the WordPress plugin Client Invoicing by Sprout Invoices (versions prior to 19.9.7). Root cause: lack of proper sanitization/escaping of certain settings, enabling stored Cross-Site Scripting by high-privilege users even when unfiltered_html is disallowed. Affected componen...