2 matches found
CVE-2021-24564
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...
CVE-2021-24564
The CVE covers WPFront Scroll Top for WordPress, affected versions before 2.0.6.07225. Vulnerability: authenticated stored XSS due to unfiltered/unterminated sanitization of the Image ALT attribute when outputting it. Root cause: lack of sanitization/escaping in the ALT setting leads to script ex...