3 matches found
CVE-2020-35936
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
CVE-2020-35936
Stored Cross-Site Scripting XSS vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
CVE-2020-35936
The CVE-2020-35936 entry concerns WordPress plugins Post Grid (and Team Showcase) with a Stored XSS in Post Grid prior to 2.0.73. The vulnerability arises when an authenticated user can import layouts via AJAX using the action post_grid_import_xml_layouts, allowing JavaScript payloads sourced fro...