5 matches found
CVE-2024-9835
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-9835
creationtimestamp| type| source ---|---|--- 2024-11-12 06:06:53+00:00| seen| https://infosec.exchange/users/cve/statuses/113468480736175719 2024-11-12 08:00:09+00:00| seen| https://t.me/cvedetector/10586...
CVE-2024-9835
The CVE-2024-9835 entry concerns the WordPress RSS Feed Widget plugin (versions prior to 3.0.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw where the plugin fails to escape the $_SERVER['REQUEST_URI'] parameter before echoing it into an HTML attribute, potentially enabling X...
CVE-2024-9835 RSS Feed Widget < 3.0.1 - Reflected XSS
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-9835 RSS Feed Widget < 3.0.1 - Reflected XSS
The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...