5 matches found
CVE-2023-0236
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0236
creationtimestamp| type| source ---|---|--- 2025-03-25 18:25:13+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8725...
CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0236 Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Tutor LMS Plugin < 2.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Tutor LMS Type Plugin Vulnerable versions 2.0.10 Fixed in 2.0.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0236 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 18dcd075ba54 Credits So Sakaguchi Required...