EUVD-2023-12431

Malicious code in bioql PyPI...

CVE-2023-0370

The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-0370

The CVE affects the WordPress plugin WPB Advanced FAQ, versions 1.0.0 through 1.0.6. The vulnerability stems from inadequate validation and escaping of certain shortcode attributes, allowing stored XSS when the shortcode is embedded in a page/post. Impact: attackers with the contributor role or h...

CVE-2023-0370 WPB Advanced FAQ <= 1.0.6 - Contributor+ Stored XSS

The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress plugin WPB Advanced FAQ 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress WPB Advanced FAQ Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software WPB Advanced FAQ Type Plugin Vulnerable versions = 1.0.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0370 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID cc6ff64c0266 Credits Lana Codes Required...