4 matches found
CVE-2023-1804
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2023-1804 Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2023-1804 Product Catalog Feed by PixelYourSite < 2.1.1 - Reflected XSS
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2023-1804
The CVE-2023-1804 entry concerns the WordPress plugin Product Catalog Feed by PixelYourSite, affected in versions prior to 2.1.1. The underlying issue is that the edit parameter is not sanitised or escaped when output back into an attribute, resulting in a Reflected XSS vulnerability. The impact ...