3 matches found
CVE-2022-4392
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4392 iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Contributor+ Stored XSS
The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4392
Product : iPanorama 360 WordPress Virtual Tour Builder plugin (= 1.6.30) or apply vendor advisories/workarounds. Notes : Public PoCs exist demonstrating the Stored XSS behavior; exploitation details are documented in multiple sources (e.g., WPScan, PT Security, Red Hat CVE pages).