4 matches found
CVE-2022-2409
The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2409
The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2409
The Rough Chart WordPress plugin (versions up to 1.0.0) contains an authentication-restricted stored Cross-Site Scripting (XSS) vulnerability caused by improper escaping of chart data labels. This allows high-privilege users to execute XSS, even when unfiltered_html is disallowed; exploitation re...
CVE-2022-2409 Rough Chart <= 1.0.0 - Admin+ Stored Cross-Site Scripting
The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...