Lucene search
+L

5 matches found

patchstack
patchstack
added 2023/02/28 12:0 a.m.11 views

WordPress GS Insever Portfolio Plugin < 1.4.5 is vulnerable to Cross Site Scripting (XSS)

Software GS Insever Portfolio Type Plugin Vulnerable versions 1.4.5 Fixed in 1.4.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0539 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID fa5f4f60b861 Credits Lana Codes...

5.4CVSS5.9AI score0.00528EPSS
Exploits2References4Affected Software1
osv
osv
added 2023/02/27 4:15 p.m.4 views

CVE-2023-0539

The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.7AI score0.00528EPSS
Exploits2References1
cvelist
cvelist
added 2023/02/27 3:24 p.m.22 views

CVE-2023-0539 GS Insever Portfolio < 1.4.5 - Contributor+ Stored XSS

The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00528EPSS
Exploits2References1
cve
cve
added 2023/02/27 3:24 p.m.67 views

CVE-2023-0539

The CVE details a Stored Cross-Site Scripting (XSS) in the GS Insever Portfolio WordPress plugin. Affected software: GS Insever Portfolio WordPress plugin versions prior to 1.4.5. Root cause: the plugin fails to validate and escape certain shortcode attributes before output, enabling an attacker ...

5.4CVSS5.3AI score0.00528EPSS
Exploits2References1Affected Software1
vulnrichment
vulnrichment
added 2023/02/27 3:24 p.m.10 views

CVE-2023-0539 GS Insever Portfolio < 1.4.5 - Contributor+ Stored XSS

The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00528EPSS
Exploits2References1
Rows per page
Query Builder