55 matches found
CVE-2023-0170
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0170 Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0170 Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS
The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0170
The CVE-2023-0170 entry documents an XSS vulnerability in the WordPress Html5 Audio Player plugin prior to version 2.1.12. The issue arises because the plugin does not validate and escape certain shortcode attributes before embedding them in pages/posts, enabling users with the Contributor role o...
WordPress Plugin Html5 Audio Player 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC h5apinlineplayer src="invalid'...
WordPress Html5 Audio Player Plugin < 2.1.12 is vulnerable to Cross Site Scripting (XSS)
Software Html5 Audio Player Type Plugin Vulnerable versions 2.1.12 Fixed in 2.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0170 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID e11a35149ba9 Credits Lana Codes...
Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. h5apinlineplayer src="invalid'...
CVE-2021-24412
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...
CVE-2021-24412
The CVE-2021-24412 entry applies to the WordPress plugin Html5 Audio Player (before 2.1.3). The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/validation of shortcode parameters, enabling users with as low as a contributor role to inject malicious pa...
CVE-2021-24412 Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting
The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious...
WordPress Html5 Audio Player plugin <= 2.1.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Michał Lipiński WordPress Html5 Audio Player plugin versions = 2.1.2. Solution Update the WordPress Html5 Audio Player plugin to the latest available version at least 2.1.3...
Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload in them which will be triggered in the page/s with the embed malicious shortcode PoC Log in as contributor and add the following shortco...
mb.miniAudioPlayer 1.4.2 - TinyMCE Popup Unspecified Issue
The mb.miniAudioPlayer – an HTML5 audio player for your mp3 files WordPress plugin was affected by a TinyMCE Popup Unspecified Issue security vulnerability...