3 matches found
CVE-2022-4497 Jetpack CRM < 5.5 - Contributor+ Stored XSS
The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4497
Summary: CVE-2022-4497 affects the Jetpack CRM WordPress plugin before 5.5. The issue is unvalidated/unescaped shortcode attributes in output, enabling Stored XSS where a user with as little as Contributor can target admins. Several connected sources corroborate the vulnerability: PoC payloads ex...
CVE-2022-4497 Jetpack CRM < 5.5 - Contributor+ Stored XSS
The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...