2 matches found
CVE-2022-1228 Opensea < 1.0.3 - Admin+ Stored XSS
The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its "Referer address" field, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1228
The Opensea WordPress plugin (≤ 1.0.2, i.e., before 1.0.3) contains a stored XSS vulnerability caused by failing to sanitize and escape certain settings, including the Referer address field. This can allow high-privilege admins to perform Cross-Site Scripting exploits, even when unfiltered_html i...