3 matches found
CVE-2023-0424
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2023-0424 MS-Reviews <= 1.5 - Subscriber+ Stored XSS
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
WordPress MS-Reviews Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software MS-Reviews Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0424 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 3c9df93ac5de Credits Rio Darmawan Required privilege...