EUVD-2022-51838
Malicious code in bioql PyPI...
CVE-2023-27429
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin = 5.4.4 versions...
CVE-2022-3919
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRMCSVImporterLitehtmlapp' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin = 5.4.4 versions...