Lucene search
+L

6 matches found

circl
circl
added 2023/03/13 7:23 p.m.8 views

CVE-2023-0538

creationtimestamp| type| source ---|---|--- 2023-03-13 19:23:11+00:00| seen| https://t.me/cibsecurity/59909...

5.4CVSS6.7AI score0.00444EPSS
Exploits2References1
nvd
nvd
added 2023/03/13 5:15 p.m.31 views

CVE-2023-0538

The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00444EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/03/13 4:3 p.m.6 views

CVE-2023-0538 Campaign URL Builder < 1.8.2 - Contributor+ Stored XSS

The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.3AI score0.00444EPSS
Exploits2References1
cvelist
cvelist
added 2023/03/13 4:3 p.m.37 views

CVE-2023-0538 Campaign URL Builder < 1.8.2 - Contributor+ Stored XSS

The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00444EPSS
Exploits2References1
cve
cve
added 2023/03/13 4:3 p.m.70 views

CVE-2023-0538

CVE-2023-0538 affects the Campaign URL Builder WordPress plugin. Versions prior to 1.8.2 do not validate and escape some shortcode attributes before outputting them on pages/posts containing the shortcode, enabling a contributor+ user to perform a Stored XSS attack. Root cause: insufficient input...

5.4CVSS5.3AI score0.00444EPSS
Exploits2References1Affected Software1
patchstack
patchstack
added 2023/02/17 12:0 a.m.17 views

WordPress Campaign URL Builder Plugin < 1.8.2 is vulnerable to Cross Site Scripting (XSS)

Software Campaign URL Builder Type Plugin Vulnerable versions 1.8.2 Fixed in 1.8.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0538 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 650b985168de Credits Lana Codes...

5.4CVSS5.6AI score0.00444EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder