
7 matches found

Vulnrichment
added 2024/04/26 5:0 a.m., 14 views

CVE-2024-0905 Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting

The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users...

AI score: 6.2, EPSS: 0.0034
Exploits: 2, References: 1

CVE
added 2024/04/26 5:0 a.m., 63 views

CVE-2024-0905

The vulnerability CVE-2024-0905 affects the Fancy Product Designer WordPress plugin up to version 6.1.8. It enables Reflected XSS by failing to sanitize/escape a parameter before echoing it on the page, potentially impacting unauthenticated users and admin users. The recommended fix is upgrading ...

CVSS: 6.3, AI score: 6.2, EPSS: 0.0034
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2024/04/26 5:0 a.m., 14 views

CVE-2024-0905 Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting

The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users...

AI score: 6.1, EPSS: 0.0034
Exploits: 2, References: 1

WPVulnDB
added 2024/04/05 12:0 a.m., 15 views

Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users.

PoC note: This requires WooCommerce to be installed. 1. Go to "Fancy Product Designe...

AI score: 6.1, EPSS: 0.0034
Exploits: 2, Affected Software: 1

WPVulnDB
added 2023/10/17 12:0 a.m., 19 views

Hotjar < 1.0.16 - Admin+ Stored XSS

Description: The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00121
Exploits: 1, Affected Software: 1

NVD
added 2023/10/14 12:15 p.m., 11 views

CVE-2023-1259

The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjarsiteid in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above...

CVSS: 5.5, AI score: 4.5, EPSS: 0.00121
Exploits: 1, References: 3

UbuntuCve
added 2021/08/17 3:15 p.m., 25 views

CVE-2021-25956

In “Dolibarr” application, v3.3.beta120121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since t...

CVSS: 7.2, AI score: 7, EPSS: 0.00372
Exploits: 0, References: 3