3 matches found
CVE-2020-24145
Cross Site Scripting XSS vulnerability in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action...
CVE-2020-24145
Cross Site Scripting XSS vulnerability in the CM Download Manager aka cm-download-manager plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action...
CVE-2020-24145
CVE-2020-24145 affects the WordPress CM Download Manager (cm-download-manager) plugin, version 2.7.0, via an XSS vulnerability exploitable through a crafted deletescreenshot action. The issue is confirmed across multiple sources (NVD/Red Hat/CNVD, WPVulnDB). Impact is XSS with potential script/HT...