3 matches found
WordPress CRM and Lead Management by vcita Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)
Software CRM and Lead Management by vcita Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2404 Patch priority Medium CVSS severity Medium 6.4 Developer Claim ownership PSID 13e385882b8d Credits...
CVE-2023-2404
CVE-2023-2404 is a stored XSS flaw in the WordPress plugin CRM and Lead Management by vcita (versions up to and including 2.6.2). The issue arises from insufficient input sanitization and output escaping in the email parameter, enabling authenticated attackers with the edit_posts capability (e.g....
CVE-2023-2404 CRM and Lead Management by vcita <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...