Lucene search
K

55 matches found

NVD
NVD
added 2023/02/06 8:15 p.m.28 views

CVE-2023-0170

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1
Prion
Prion
added 2023/02/06 8:15 p.m.21 views

Cross site scripting

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS5.4AI score0.00573EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/06 7:59 p.m.27 views

CVE-2023-0170 Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00573EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.7 views

CVE-2023-0170 Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.71 views

CVE-2023-0170

The CVE-2023-0170 entry documents an XSS vulnerability in the WordPress Html5 Audio Player plugin prior to version 2.1.12. The issue arises because the plugin does not validate and escape certain shortcode attributes before embedding them in pages/posts, enabling users with the Contributor role o...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.6 views

WordPress Plugin Html5 Audio Player 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00573EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/01/12 12:0 a.m.37 views

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC h5apinlineplayer src="invalid'...

5.4CVSS2.8AI score0.00573EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2023/01/12 12:0 a.m.12 views

WordPress Html5 Audio Player Plugin < 2.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Html5 Audio Player Type Plugin Vulnerable versions 2.1.12 Fixed in 2.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0170 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e11a35149ba9 Credits Lana Codes...

5.4CVSS5.6AI score0.00573EPSS
Exploits2References4Affected Software1
wpexploit
wpexploit
added 2023/01/12 12:0 a.m.128 views

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. h5apinlineplayer src="invalid'...

5.4CVSS2.3AI score0.00573EPSS
Exploits2
NVD
NVD
added 2021/10/18 2:15 p.m.35 views

CVE-2021-24412

The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...

5.4CVSS0.00629EPSS
Exploits2References1
CVE
CVE
added 2021/10/18 1:45 p.m.52 views

CVE-2021-24412

The CVE-2021-24412 entry applies to the WordPress plugin Html5 Audio Player (before 2.1.3). The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/validation of shortcode parameters, enabling users with as low as a contributor role to inject malicious pa...

5.4CVSS5.3AI score0.00629EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/10/18 1:45 p.m.40 views

CVE-2021-24412 Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...

5.6AI score0.00629EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.19 views

WordPress Html5 Audio Player plugin <= 2.1.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Michał Lipiński WordPress Html5 Audio Player plugin versions = 2.1.2. Solution Update the WordPress Html5 Audio Player plugin to the latest available version at least 2.1.3...

5.4CVSS1.9AI score0.00629EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.26 views

Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode PoC Log in as contributor and add the following shortco...

5.4CVSS2.6AI score0.00629EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.13 views

mb.miniAudioPlayer 1.4.2 - TinyMCE Popup Unspecified Issue

The mb.miniAudioPlayer – an HTML5 audio player for your mp3 files WordPress plugin was affected by a TinyMCE Popup Unspecified Issue security vulnerability...

2.5AI score
Exploits0Affected Software1
Rows per page
Query Builder