16 matches found
CVE-2022-2398
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WordPress Comments Fields; Type: Plugin; Vulnerable versions: <= 5.0; Fixed in: 5.1; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0830; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9c14d6f7a75c; Credits: Francesco...
WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Broken Access Control
Software: WordPress Comments Fields; Type: Plugin; Vulnerable versions: <= 5.0; Fixed in: 5.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-0829; Patch priority: Low; CVSS severity: Low (4.3); PSID: cdb4c1c8e480; Credits: Francesco Carlucci...
CVE-2022-39017
Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments...
CVE-2022-2398
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-2398
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-2398
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
Cross site scripting
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2022-2398
CVE-2022-2398 concerns the WordPress Comments Fields plugin (pre-4.1). The flaw is a lack of escaping in the Field Error Message, enabling stored Cross-Site Scripting by high-privilege admins (authenticated users) even when unfiltered_html is disallowed. Affected version: WordPress Comments Field...
CVE-2022-2398 WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
PT-2022-16382 · WordPress · Wordpress Comments Fields
Name of the Vulnerable Software and Affected Versions: WordPress Comments Fields WordPress plugin versions prior to 4.1. Description: The issue allows high-privileged users to perform Cross-Site Scripting attacks due to the lack of escaping in Field Error Message, even when unfiltered_html is...
WordPress plugin WordPress Comments Fields cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WP Comments Fields plugin <= 4.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Rafshanzani Suhada in WordPress WP Comments Fields plugin versions <= 4.0. Solution: Update the WordPress Comments Fields plugin to the latest available version (at least 4.1)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...
CVE-2006-1697
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...
CVE-2006-1697
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...