3 matches found
CVE-2020-28707
The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting XSS via stockdiocharthistorical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage event is not validated. The stockdioeventer function listens for an...
CVE-2020-28707
The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting XSS via stockdiocharthistorical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ because the origin of a postMessage event is not validated. The stockdioeventer function listens for an...
CVE-2020-28707
CVE-2020-28707 affects the Stockdio Historical Chart plugin for WordPress (pre-2.8.1). The root cause is an unvalidated origin for postMessage events in stockdio_chart_historical-wp.js, allowing an attacker on a different site to post crafted messages that are eval’d via data.method. Impact is Cr...