3 matches found
CVE-2021-24591
The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24591
The CVE-2021-24591 entry concerns the WordPress plugin Highlight, version before 0.9.3, where the CustomCSS setting is not sanitized. This allows authenticated, high-privilege users to perform Cross-Site Scripting (stored XSS) even when unfiltered_html is disallowed. Affected component is the Cus...
CVE-2021-24591 Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting
The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...