5 matches found
CVE-2023-0442
The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL...
CVE-2023-0442
The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL...
CVE-2023-0442 Loan Comparison < 1.5.2 - Reflected XSS via shortcode
The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL...
CVE-2023-0442
CVE-2023-0442 affects the WordPress plugin Loan Comparison up to version 1.5.2 (pre-1.5.3). Root cause: the plugin does not validate and escape certain query parameters before echoing them in pages/posts via the embedded shortcode, enabling reflected XSS through a crafted URL. Impact: attacker co...
WordPress Loan Comparison Plugin < 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software Loan Comparison Type Plugin Vulnerable versions 1.5.3 Fixed in 1.5.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0442 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 65853d90a7ed Credits Harald Eilertsen Require...