5 matches found
EUVD-2019-8766
Malware in sbrugna...
CVE-2019-19133
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a cssheroaction=editpage request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...
Input validation
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a cssheroaction=editpage request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...
CVE-2019-19133
The CSS Hero plugin through 4.0.3 for WordPress is prone to reflected XSS via the URI in a cssheroaction=editpage request because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary JavaScript in the browser of an unsuspecting user in th...
CVE-2019-19133
The CVE covers a reflected XSS in the WordPress CSS Hero plugin up to version 4.0.3, caused by insufficient sanitization of user input in the URI when csshero_action=edit_page is used. An authenticated attacker could trigger arbitrary JavaScript in the victim’s browser on the affected site, poten...