4 matches found
WordPress CSV Import-Export 1.1 Cross Site Scripting Vulnerability
WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability. Product: CSV Import-Export Wordpress Plugin - https://wordpress.org/plugins/csv-import-export/ Vendor: eSparkBiz Tested version: 1.1 CVE ID: CVE-2017-17753 CVE description Multiple cross-site scripti...
WordPress CSV Import-Export 1.1 Cross Site Scripting
Product: CSV Import-Export Wordpress Plugin - https://wordpress.org/plugins/csv-import-export/ Vendor: eSparkBiz Tested version: 1.1 CVE ID: CVE-2017-17753 CVE description Multiple cross-site scripting XSS vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote...
CVE-2017-17753
Multiple cross-site scripting XSS vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 cietype, 2 cieimport, 3 cieupdate, or 4 cieignore parameter to includes/admin/views/esb-cie-import-export-page.ph...
CVE-2017-17753
The CVE-2017-17753 entry concerns the WordPress plugin esb-csv-import-export (versions up to 1.1). The vulnerability is an XSS in includes/admin/views/esb-cie-import-export-page.php where the GET parameters cie_type, cie_import, cie_update, and cie_ignore are echoed back to the user without prope...