3 matches found
CVE-2021-24646
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24646 Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting
The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24646
CVE-2021-24646 affects the Booking.com Banner Creator WordPress plugin pre-1.4.3. The vulnerability arises from improper input sanitization when creating banners, enabling stored Cross-Site Scripting (XSS) by high-privilege admins (admin+ scope). Multiple sources corroborate an XSS vector in the ...