3 matches found
CVE-2023-0233 ActiveCampaign < 8.1.12 - Contributor+ Stored XSS
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0233 ActiveCampaign < 8.1.12 - Contributor+ Stored XSS
The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0233
CVE-2023-0233 affects the ActiveCampaign WordPress plugin for versions prior to 8.1.12. The flaw: block options are not validated/escaped before output, enabling Stored XSS for users with contributor+ privileges when the block is embedded on a page/post. Patch available: update to version 8.1.12 ...