Lucene search
+L

4 matches found

vulnrichment
vulnrichment
added 2023/06/12 5:28 p.m.10 views

CVE-2023-0431 File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.9AI score0.0037EPSS
Exploits1References1
cvelist
cvelist
added 2023/06/12 5:28 p.m.22 views

CVE-2023-0431 File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.0037EPSS
Exploits1References1
cve
cve
added 2023/06/12 5:28 p.m.68 views

CVE-2023-0431

CVE-2023-0431 affects the File Away WordPress plugin (versions up to 3.9.9.0.1). The vulnerability is a Stored XSS due to insufficient validation/escaping of a shortcode attribute, enabling a contributor-level user to inject script. Public data show the vulnerability as existing and, per Wordfenc...

5.4CVSS5.5AI score0.0037EPSS
Exploits1References1Affected Software1
patchstack
patchstack
added 2023/05/17 12:0 a.m.13 views

WordPress File Away Plugin <= 3.9.9.0.1 is vulnerable to Cross Site Scripting (XSS)

Software File Away Type Plugin Vulnerable versions = 3.9.9.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0431 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c7613f6f78f2 Credits Lana Codes Required...

5.4CVSS5.6AI score0.0037EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder