4 matches found
CVE-2021-24828
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24828
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24828 Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting
The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5.17 does not escape the some of the attributes of its mlcalc shortcode before outputting them, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24828
Vulnerability summary (CVE-2021-24828) : The WordPress plugin “Mortgage Calculator / Loan Calculator” prior to version 1.5.17 does not escape certain attributes in the mlcalc shortcode output. This can enable Cross-Site Scripting (XSS) by users with as little as a Contributor role. The issue is t...