3 matches found
CVE-2021-24736
The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24736 Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting
The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues...
CVE-2021-24736
The CVE-2021-24736 entry concerns the WordPress Shared Files plugin (admin+ stored XSS) prior to version 1.6.57. Connected sources confirm a stored Cross-Site Scripting vulnerability caused by insufficient sanitisation/escaping of certain plugin settings output in HTML attributes, enabling JavaSc...