Lucene search
+L

5 matches found

nvd
nvd
added 2023/05/15 1:15 p.m.14 views

CVE-2023-0520

The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...

5.4CVSS5.3AI score0.00239EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/05/15 12:15 p.m.7 views

CVE-2023-0520 RapidExpCart <= 1.0 - Stored XSS via CSRF

The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...

5.3AI score0.00239EPSS
Exploits2References1
cve
cve
added 2023/05/15 12:15 p.m.59 views

CVE-2023-0520

CVE-2023-0520 corresponds to a Stored XSS in the RapidExpCart WordPress plugin up to version 1.0. The vulnerability arises because the url parameter in the rapidexpcart endpoint is not sanitized/escaped before storage and page output, enabling an attacker to inject script that can be executed in ...

5.4CVSS5.5AI score0.00239EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2023/05/15 12:15 p.m.22 views

CVE-2023-0520 RapidExpCart <= 1.0 - Stored XSS via CSRF

The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin,...

5.5AI score0.00239EPSS
Exploits2References1
patchstack
patchstack
added 2023/04/27 12:0 a.m.12 views

WordPress RapidExpCart Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software RapidExpCart Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0520 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 78fd6df3f13c Credits Shreya Pohekar Required privile...

5.4CVSS6AI score0.00239EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder