3 matches found
CVE-2020-27344
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS...
CVE-2020-27344
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS...
CVE-2020-27344
The CVE-2020-27344 entry corresponds to a Cross-Site Scripting (XSS) flaw in the WordPress plugin cm-download-manager, affected until version 2.8.0. The root cause is improper validation/sanitization of client-supplied data, specifically the uploaded filename in Content-Disposition, which can all...