3 matches found
CVE-2022-1153 LayerSlider < 7.1.2 - Admin+ Stored Cross-Site Scripting
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2022-1153
The CVE-2022-1153 entry concerns the WordPress LayerSlider plugin prior to version 7.1.2. The issue is a stored Cross-Site Scripting vulnerability caused by improper sanitisation/escaping of a project’s slug, which can be output in multiple contexts. This can allow high-privilege users (e.g., adm...
WordPress LayerSlider Cross Site Scripting
Tittle: WordPress Plugin LayerSlider 5. Exit 6. Save Project 7. XSS will trigger when accessing the project again for example there seem to be other place when its triggered as well, like in the Project's settings POC2 via file,json 1. Add new post & Create Blank Project 2. Import Projects 3. Loa...