2 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper handling of email links in LoginPage.tsx, which allows return URLs that do not start with a / character. An attacker can inject malicious scripts by crafting a specially designed email link...
PT-2023-20069 · WordPress · Feather Login Page
Name of the Vulnerable Software and Affected Versions: Feather Login Page plugin for WordPress versions 1.0.7 through 1.1.1. Description: The issue allows authenticated attackers with subscriber-level permissions and above to access login links, potentially leading to privilege escalation, due to ...