4 matches found
CVE-2022-3137
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
CVE-2022-3137
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
CVE-2022-3137 TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...
CVE-2022-3137
CVE-2022-3137 concerns the WordPress Taskbuilder plugin prior to 1.0.8. The vulnerability allows any authenticated user (e.g., a subscriber) who creates a task to perform a Persistent/Stored Cross-Site Scripting by attaching a malicious SVG file, due to insufficient validation and sanitization of...