3 matches found
CVE-2022-3984
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3984 Flowplayer Video Player < 1.0.5 - Contributor+ Stored XSS
The Flowplayer Video Player WordPress plugin before 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3984
CVE-2022-3984 concerns the Flowplayer Video Player WordPress plugin, affected versions prior to 1.0.5. The root cause is failure to validate and escape certain shortcode attributes before output, enabling Stored XSS by users with as low as Contributor. The compromise vector is via crafted shortco...