50 matches found
CVE-2021-24246
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...
CVE-2021-24246
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...
Cross site scripting
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Workscout Core Plugin versions prior to...
CVE-2021-24246
The CVE-2021-24246 entry concerns the Workscout Core WordPress plugin (before 1.3.4) used with the WorkScout Theme. The issue arises because chat messages sent via the workscout_send_message_chat AJAX action were not properly sanitised, leading to Stored Cross-Site Scripting (Stored XSS) and Cros...
CVE-2021-24246 WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...
WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
The plugin, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues Payloads: " " POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type: application/x-www-form-urlencode...
WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
The plugin, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues PoC Payloads: " POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...
WordPress WorkScout premium theme <= 2.0.31 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions = 2.0.31. Solution Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...
WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability
Cross-Frame Scripting XFS vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions = 2.0.31. Solution Update the WordPress WorkScout premium theme to the latest available version at least 2.0.32...