6 matches found
CVE-2023-2579
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2579
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2579
CVE-2023-2579 concerns the InventoryPress WordPress plugin (≤1.7). The issue is due to insufficient sanitisation/escaping of plugin settings, enabling authenticated users with role Author or higher to perform Stored XSS. Public writeups and Red Hat/NVD entries confirm the vulnerability and its pe...
CVE-2023-2579 InventoryPress <= 1.7 - Author+ Stored XSS
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-2579 InventoryPress <= 1.7 - Author+ Stored XSS
The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks...
WordPress InventoryPress Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS)
Software InventoryPress Type Plugin Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2579 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 980d01840734 Credits daniloalbuqrque Require...