4 matches found
CVE-2023-0431 File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2023-0431 File Away <= 3.9.9.0.1 - Contributor+ Stored XSS via Shortcode
The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2023-0431
CVE-2023-0431 affects the File Away WordPress plugin (versions up to 3.9.9.0.1). The vulnerability is a Stored XSS due to insufficient validation/escaping of a shortcode attribute, enabling a contributor-level user to inject script. Public data show the vulnerability as existing and, per Wordfenc...
WordPress File Away Plugin <= 3.9.9.0.1 is vulnerable to Cross Site Scripting (XSS)
Software File Away Type Plugin Vulnerable versions = 3.9.9.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0431 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c7613f6f78f2 Credits Lana Codes Required...